a) VERIFYMY LIMITED operates the http://www.verifymyage.com (“Site”), an age verification and estimation solution (“Service”). We are a limited company registered in England & Wales under company number 12050874 and ICO registration number ZA529836.
b) In the UK and EU, VERIFYMY LIMITED is known as the data controller of the personal data described in this Privacy Policy which means it holds and manages your personal data.
c) This Privacy Policy describes our practices regarding personal data generally in the context of the Site and Service. For more detail regarding our collection, use, disclosure, and retention of biometric data (which is more limited than for most other personal data) in this context, please see the Verifymy Age Assurance Biometric Data Policy. Please read this Privacy Policy carefully and ensure that you understand it.
d) The original English language version of this Privacy Policy may have been translated into other languages. Any translated version is a courtesy only and you cannot derive any rights from the translated version. In the event of a dispute about the contents or interpretation of this Privacy Policy or inconsistency between the English version and any other language version, the English language version to the extent permitted by law shall apply, prevail and be conclusive.
a) Personal data is any information about you that enables you to be identified. Personal data covers information such as your name and contact details, but it also includes information such as identification numbers, electronic location data, and other online identifiers. The types of personal data that we collect and why is set out below.
a) Verifymy is a Service provided to business customers in different ways and this affects how we interact with you as an individual and who is responsible for your personal data.
b) In some cases, when we provide our Service to business customers, we are acting on behalf of them. They provide personal data to us and we carry out our Services without any direct interaction from you. Here we are a data processor, processing your personal data on their behalf and on their instruction and they are the data controller. The business customer will be responsible for protecting, keeping and using your personal data in line with data protection laws and if you have any queries in relation to this, please contact the business customer in question.
c) At other times, when we provide our Service to business customers, we will need to interact with you directly to provide more information or if you set up an account with us. Where this happens we will be the data controller, collecting and processing your personal data and be responsible for using it in line with data protection laws.
d) Finally, where you are our business customer we will collect and process certain personal data about you as part of our business relationship. We will be the data controller for this and be responsible for keeping it securely and responsibly.
We collect personal data about you either directly from you, from our business customer (who you have a relationship with), or from third parties. We have set these out below.
a) As an individual utilising our Service, we will collect and process the following personal data:
| Verification method | Data collected | How we collect the data |
|---|---|---|
| Database check to verify you on various databases (User account/transaction details) | Full name | Provided by the business customer to us |
| Full address | Provided by the business customer to us | |
| Telephone number | Provided by the business customer to us | |
| Email address | Provided by the business customer to us | |
| Customer website ID | Provided by the business customer to us | |
| Customer website purchase / access | Provided by the business customer to us | |
| Date and time of purchase / or access | Provided by the business customer to us | |
| ID check and face match | Email address | Provided by you via our Site |
| IP address | Provided by you via our Site | |
| ID document image, name, expiry date, document number | Provided by you via our Site | |
| Image containing your face (“facial image”) (sometimes referred to as a “selfie image”) and an image of your identification card to create biometric scans of facial geometry from each image (“face maps”). | Provided by you via our Site | |
| ID check | Email address | Provided by you via our Site |
| IP address | Provided by you via our Site | |
| ID document image, name, expiry date, document number | Provided by you via our Site | |
| Mobile number check | Email address | Provided by you via our Site |
| IP address | Provided by you via our Site | |
| Telephone number | Provided by you via our Site | |
| Credit card check | Email address | Provided by you via our Site |
| IP address | Provided by you via our Site | |
| Credit card information, such as credit card number, expiry date and security code | Provided by you via our Site | |
| Facial age estimation check | Email address | Provided by you via our Site |
| IP address | Provided by you via our Site | |
| Image containing your face (“facial image”) (sometimes referred to as a “selfie image”) | Provided by you via our Site | |
| Face maps created using biometric scans of facial geometry to confirm your image is of a live person and to estimate your age. | Created by us using biometric scans of your facial image. | |
| Email address age estimation check (For Google age assurance using email address click here) | Email address | Provided by you via our Site |
| IP address | Provided by you via our Site |
b) As a business customer contracting with us for the Services, we will collect and process the following personal data:
| Data Collected | How We Collect the Data |
|---|---|
| Business customer website ID | Provided by the business customer to us |
| Email address | Provided by you via our Site |
| Full name | Provided by you via our Site |
| Full business address | Provided by you via our Site |
| Payment information | Provided by you via our Site |
| Business name | Provided by you via our Site |
| Telephone number | Provided by you via our Site |
| EIN or VAT number | Provided by you via our Site |
| Bank details | Provided by you via our Site |
| Company registration information | Provided by you via our Site |
| What we do | What personal data we use | Our lawful basis under the GDPR where this is relevant |
|---|---|---|
| Registering you on our Site and communicating with you to provide support, answer your queries or requests |
| Your consent. |
| Supplying our Service to you (when making a purchase or accessing a website) | This will depends on the nature of the check conducted as set out in section 4(a): Database check, ID check and face match (biometric data), Mobile number check, credit card check or facial age estimation check (biometric data) | Your consent and our legitimate interests to improve our Services |
| Supplying our Service to you (as a business customer) | All personal data listed under section 4(b). | Fulfilment of our legal contract with you or the business you represent. |
| Protect against, identify and prevent fraud and other prohibited or illegal activity, claims and other liabilities | All personal data listed under section 4. | Our legitimate interests in operating a business and upholding our legal rights and obligations. |
| Compliance with applicable legal requirements and our policies | All personal data listed under section 4. | The legal obligations to which we are subject. |
| Establish, exercise and defend legal claims | All personal data listed under section 4. | Our legitimate interests in operating a business and to uphold our legal rights and obligations. |
We also use data for statistical analysis in order to operate, evaluate and improve our business. Such analysis is only done on personal data at an aggregated and anonymised level.
a) We use the following automated systems for carrying out certain kinds of decision-making If at any point you wish to query any action that we take on the basis of this or wish to request ‘human intervention’ (i.e. request that someone review the action themselves, rather than relying only on the automated method), data protection laws give you the right to do so in certain circumstances. Please contact us to find out more using the details in section 12.
b) The following automated decision-making method(s) may be used depending on the check carried out:
a) We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. When we conduct a check, we typically plan to keep the personal data for the periods provided below.
b) However, the exceptions to the table below are:
| Type of Data | Time Held Since the Date of Last Verification |
|---|---|
| Full name | 28 days |
| Date of birth | 28 days |
| Full Address | 28 days |
| Email address | 28 days. In cases where an email address is used to create a Verifymy user account, it is hashed and stored for 24 months in case of re-authentication. |
| IP Address | Deleted immediately once check is complete |
| Telephone number | 28 days |
| Facial image from your live image | 28 days |
| Face map | Destroyed/Deleted immediately once check is complete |
| Credit card information | This information is collected by our payment services provider. We do not ever view, access or store this. |
| Images of your government-issued identification (including the image of you), and other pertinent information on that identification such as name, expiry date, document number | 28 days |
| Business customer website unique identifier (e.g. account username, account ID) | 28 days |
| Business customer website purchase / access details (Customer website ID, Customer website purchase(s), Date and time of purchase(s)) | 28 days |
a) All personal data is stored by us within the EEA.
b) We may share your data with external third parties, as detailed below in section 8, that are based outside your country of residence such as in the EEA. In such cases we will take suitable steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK or EU.
a) We share face maps only in the limited ways described in our Verifymy Age Assurance Biometric Data Policy. We share other personal data as set forth in this section.
b) We share the results of our age verification service with our business customers when you make a purchase or access their site (or attempt to do these things) and they request that we verify your age.
c) We contract with third parties to supply certain services related to our Service. This may include sharing any personal data you have given us or data that we have obtained from a third party source to improve the accuracy of our Service.
d) When any of your personal data is shared with a third party, as described above, we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law.
e) If any personal data is transferred outside of the UK or EEA, we will take suitable steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK or the EEA or the US and under data protection laws.
f) We have put in place appropriate safeguards (such as regulator approved standard contractual terms) in accordance with applicable legal requirements to provide adequate protection for your personal data. For more information on the appropriate safeguards in place and to obtain a copy of such safeguards, please contact us as set out at section 12 below.
g) If we sell, transfer, or merge parts of our business or assets, your personal data may be transferred to a third party in connection with that event. Any new owner of our business or assets and their suppliers may continue to use your personal data in the same way(s) that we have used it, as specified in this Privacy Policy.
h) In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
We implement physical, technical, and organisational security measures designed to safeguard the personal data we process through our Services, such as high-end cryptography to protect customers’ data. All data is encrypted at rest and in-transit using a combination of 256-bit encryption and hashing algorithms. These measures are aimed at providing on-going integrity and confidentiality for your personal data. We evaluate and update these measures on a regular basis.
If applicable, under the EU and UK data protection laws, you may have the following rights:
b) To exercise any of the rights outlined above, please contact us using the details provided in section 12. There is not normally any charge for making a request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
c) We will respond to your request within a month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request.
d) If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the data protection regulator. In the UK, this is the Information Commissioner’s Office. We would welcome the opportunity to resolve your concerns ourselves, however, so please contact us first, using the details in section 12.
Our Site may contain links to other websites. Please note that we have no control over how your data is collected, stored, or used by other websites and we advise you to check the privacy policies of any such websites before providing any data to them.
To contact us about anything to do with your personal data and data protection, including to make requests or exercise any rights you may have (such as rights under Nevada law to opt out of certain disclosures), please use the following details:
By email:
support@verifymy.io
By post:
VERIFYMY LIMITED
Unit 213 The Frames
1 Phipp Street
London
England
EC2A 4PS
a) We may change this Privacy Policy from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects how your personal data is protected.
b) Any changes will be posted on our Site. We recommend that you check this page regularly to keep up-to-date.
c) This Privacy Policy was last updated June 2024.
Get in touch
