Try a demo

Identity Proofing Services

1. Introduction

This Privacy Policy outlines how Veridas Digital Authentication Solutions, S.L. (Tax Number B71322804 and registered address at Polígono Industrial Talluntxe II, M-10 · 31192, Tajonar (Navarre, Spain)) handles personal data of real users when providing Identity Proofing Services on behalf of our clients. Our primary goal is to ensure that personal information is processed securely, efficiently, and in compliance with all relevant regulations.

When we process personal data to provide Identity Proofing Services, we are acting as a data processor or service provider, so we act solely on our clients’ instructions, processing personal data to verify user identities and provide related services. This Privacy Policy is referred to Veridas’ processing practices. If you are a user of a Veridas client, we recommend reviewing the client’s privacy policy for full comprehensive information on data collection and usage.

Please consider that specific data protection regulations may apply and the client, as the data controller or business, may have additional obligations, so we suggest you review their privacy policy for further details.

We may periodically update this Privacy Policy to reflect changes in our practices and legal requirements. Any significant updates will be communicated to our clients in advance, allowing them to make necessary adjustments and inform their users.

2. Identity proofing process: how does Veridas process personal information for its clients?

When providing identity verification services, we only process data on behalf of our clients, as data processors. In this regard, it is important to note that we don’t use any personal information of the real users to train our systems.

Veridas’ biometric technology allows our clients to verify the identity of a person remotely, by asking them to take a selfie and provide a photo (e.g.: using an ID document). This is usually done during the registration or onboarding process, where our clients will give us access to a photograph or video of the user and a document that allows to prove his/her identity, as captured through the processes the client has implemented using Veridas technology; it is Veridas’ commitment to have a Data Protection Agreement (“DPA”) in place, or other equivalent means depending on the applicable regulation, in order to make sure that the processing activities are duly regulated before they start. 

The provision of the identity verification service will require Veridas to process the following personal data:

  • The capture of the identity document of the user.
  • The capture of the photo (selfie) of the user. 
  • The capture of videos of the user.
  • Other personal data obtained from official sources and databases, when required.

The previous data will be processed with the following purposes:

  • Identity Document: extract the information contained in it (using OCR techniques), in order to provide the client with the required information for the onboarding in an easy-to-use format. This information may also be used to make a consultation against official sources and databases, when required.
  • Selfie and picture extracted from the identity document: generate the biometric hash of each one and compare them to verify that the person is the same. 

A “passive” proof of life can also be carried out using the selfie, to make sure that there is a real person carrying out the process. 

  • Videos of the user: two types of video recordings may be carried out:
  • The recording of the user performing some actions (e.g. random head movements), with the purpose of conducting an “active” proof of life, on top of the “passive” one that may be carried out directly from the selfie picture. 
  • The recording of the user showing the identification document used for the identity verification to the camera, with the purpose of running additional validation and binding checks.
  • The data mentioned may also be used to carry out anti-spoofing security measures.

The captured data is sent from the client systems to the validation systems developed by Veridas, mainly provided to our clients as cloud services, and depending on the region where the service will be provided and/or the specific requirements of our clients, the servers may be located either in the European Economic Area (“EEA”), by default for clients placed within the EU, or in the USA. The user information will be kept in Veridas’ servers only for the minimum time required to carry out the process (usually, as much as a couple of minutes); after this, we send all the information to our client and delete it automatically. More information in this regard may be found in the Data Storage section.

The evidence of the identity validation process are given to the client, including processed images, similarity scores, integrity checks, etc., which will be used to determine the results of the identity verification process.

To know more about the way Veridas processes personal data in regards to the provision of its services, you may check the Data Protection section of our website.

3. Data storage and deletion

Veridas doesn’t store personal data from production users when providing identity verification solutions. In its Identity Proofing Service, Veridas employs privacy-by-design processes, ensuring that users’ personal data is only processed for the minimum time required for identity validation and then made available to Veridas’ client for storage. Thus, once all the information gathered during the identity process is processed, the outcome of the process and, especially, all the personal data (biometric hash, photos, results of the validation, etc.), all of it considered the evidence of the identity proofing service, will be download by our client and instantly and automatically deleted from our systems. 

In order to make sure that we don’t keep any information, Veridas has an autodelete system in place that automatically erases all process information that has been in the system for more than 30 minutes (or the period agreed with the client based on context needs).

4. Third-parties

Veridas doesn’t share the users’ information with third parties. 

However, some of Veridas’ subprocessors may have access to user personal information, on a need-to-know basis, and only for the purpose of carrying out the activities required by Veridas and/or Veridas’ clients, acting as data controllers. We have a DPA in place with such providers, as required by the article 28 of the GDPR, which provide to us: 

  • IT services:
  • Cloud processing and storage services.
  • Other services related to information and computer technologies.

Place of provision of related services: the European Economic Area. For solutions purchased from the USA or if specifically required by our client, some of the abovementioned services may be provided from the USA as well.

Veridas shall not disclose any user personal data with any other third parties, unless legally obliged to do so by an authority. In this regard, and in order to ensure that we comply with our data protection, confidentiality and intellectual property rights commitments to our clients, Veridas encourages any government or law enforcement entity to request any personal information directly to the applicable Veridas’ clients, as we may not be allowed to provide all such information (or we may not even have that information stored).

5. Rights

As user of Veridas solutions, you have the following rights regarding your personal data:

  • the right to access all your personal data stored by us.
  • the right to correct or rectify inaccurate information about you. 
  • the right to request the erasure of your information. This right may be limited in certain situations. 
  • the right to object to the processing of your personal data. This right may be limited in certain situations.
  • the right to limit the processing of your personal data carried out by Veridas.
  • the right to request portability of your information, in a structured and machine-readable format. 
  • the right to withdraw your consent, if applicable to your specific case. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your information conducted in reliance on lawful processing grounds other than consent.

Should you wish to exercise your rights, you can contact Veridas using the email or mail address listed in section 6. Contact details, providing evidence that allow us to verify your identity.

Please note that some of the previous rights may not be directly provided to you directly by Veridas (e.g., we cannot give you access to your personal information, as we do not store any). As data processors, we encourage you to send any exercise of data protection rights directly to the applicable Veridas’ client, in order to avoid unnecessary delays.

You also have the possibility to exercise your rights before your local data protection authority.

6. Contact details

If you need more information about how Veridas processes personal information, you may contact gdpr@veridas.com

You can also contact our Data Protection Officer at dpo@veridas.com

Finally, you can send you request for information or exercise of rights to the following physical address: Veridas Digital Authentication Solutions, S.L., Polígono Industrial Talluntxe II, M-10 · 31192, Tajonar (Navarra, Spain).

/Let’s talk!

Talk to our identity verification team and find out what our solutions can do for you:
/Certified technology
nist_logo-1.png
IBETA-COMPLIANT-ISO-30107-3-logo-New.png
ISO9001
27001-ENAC-Castellano
ENS-logo-700x276-1.png
5bfdd73990c23b4fdade7e4d_GDPR-Logo.png
2023 luminary

About

Solutions

Industries

Use cases

Resources

Developers

Partners

Become part of our network and add the best verification solution on the market to your product catalog.

Become a partner
More info

Find us worlwide

  • Spain
  • United States
  • Mexico
  • United Kingdom

Gartner peer-insights

Read reviews

Follow us

Try a demo
Facial Parking Access

Simplify entry, save time, and manage your stadium parking more efficiently.

Quick Facial Parking Access

Enter the parking area in under 1 second with facial recognition technology.

Stress-Free Experience

Simplify the ticket purchase process and enable attendees to enjoy a hands-free experience throughout their stadium stay.

Enhanced Security

Elevate your parking security for peace of mind.

Facial Ticketing

Protect your Stadium with our end-to-end identity verification platform, featuring biometric and document verification, trusted data sources, and fraud detection.

Instant Identity Verification

Verify your attendees’ identity remotely in less than 1 minute.

Pop-up Convenience

Simplify the ticket purchase process and enable attendees to enjoy a hands-free experience throughout their stadium stay.

Maximum Security

Enhance the security of the purchase process, eliminating the possibility of fraud, resale, and unauthorized access.

Learn More
Popup title

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.