Last updated: March 2023
Berbix LLC and our subsidiaries and affiliates (collectively, “Berbix”, “we”, “us” or “our”) provides document identity verification services (the “Services”) for the purpose of helping our customers validate your identity and prevent fraud online. In other words, we use artificial intelligence and machine learning to evaluate the authenticity of the identity document and assess whether the image on the identity document (“headshot”) and the image of yourself (the “selfie”) match and whether you are physically present when you submit the images.
The purpose of this privacy notice (the “Privacy Notice”) is to inform you about what happens when you - consumers and our business customers - use the Services, including what types of personal information we collect (including how we get it), how we use it, when and with whom we might share it, and when we’ll delete it. This Privacy Notice also has important information about our use of biometrics and about your data rights under applicable privacy laws.
This Privacy Notice is not a substitute for any privacy notice that Berbix customers are required to provide in accordance with or otherwise required by applicable law.
Information collected via our Services and the sources of that information. Berbix may collect or derive personal information about you from our customers, from your direct engagement with the Services, from public sources of information, or from third parties who provide us with data or otherwise assist with our provision of the Services, including:
Notice re Opt-Out: If you would like to opt-out of the processing of your sensitive information or of the use of your information for automated decision making, or if you otherwise would like to exercise an opt-out right provided to you by law, please review Exercising Your Rights.
We use the information we collect for several purposes, including:
We may also use information necessary or appropriate to (a) prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft; (b) comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities; (c) protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); (d) audit our internal processes for compliance with legal and contractual requirements and internal policies; and (e) enforce the terms of use that govern the Services.
We may also use personal information for our internal business purposes, such as research and development of new or existing identity verification and fraud prevention products.
Berbix uses the information we collect for our identity verification and fraud prevention purposes. Berbix does not use personal information for marketing purposes and does not sell personal information to third parties. Berbix does not share biometrics with our customers, vendors, service providers, or any other non-affiliated third parties.
We may share the information we collect:
We may also share information with government, law enforcement officials or private parties as required or otherwise permitted by law, when we believe such disclosure is necessary or appropriate to (a) comply with, or evidence compliance with, applicable law; (b) enforce the terms and conditions that govern the Services; (c) protect our rights, privacy, safety or property, and/or that of you or others; and (d) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
We may sell, transfer or otherwise share some or all of Berbix’s business or assets, including information that we process as part of the Services, in connection with a business transaction (or potential business transaction) such as a merger, consolidation, acquisition, reorganization or sale of assets or in the event of bankruptcy.
Although identity verification and fraud prevention are ongoing purposes that do not expire, we won’t keep your data forever. Except as otherwise provided in this Privacy Notice, Berbix may retain information for up to seven years, as permitted by applicable law. If you provide Berbix with images used in an attempt to commit fraud, however, we will retain the images and any information derived therefrom, and you waive your rights to that data and to pursuing any legal or other action against Berbix.
To the extent any data is generated or derived from a photograph of your face, it is not done in order to identify you as a specific individual. Instead, such information is used for such features and functionality as face detection (whether there is a face on the document submitted), face matching (whether the facial images submitted match), and liveness detection (whether you are physically present when taking the selfie).
To the extent the Services derive biometric information from an image of your face, that occurs only within three years from the date the images were initially processed, and the biometric information will be permanently destroyed immediately after each use, except as otherwise provided in this Privacy Notice.
Berbix is either a “service provider” or a “data processor” pursuant to applicable privacy laws. This means that our customers (the “business” or “data controller”) are legally responsible for responding to requests to exercise your data rights. In order to exercise your rights, you must contact the customer that used the Services. If you reach out to Berbix directly, we will notify our customer, and our customer will complete the process with you. Berbix respects consumer privacy, and we work with our customers when they ask us to assist them with consumer data privacy rights requests.
Berbix uses commercially reasonable physical, electronic, and procedural safeguards to protect information from loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction, in accordance with applicable law, and we recommend that our customers do the same. In fact, our customer agreements generally include data access and security guidelines. We cannot, however, guarantee that any safeguards or security measures will be sufficient to prevent a security incident.
The Services are often integrated with our business customers’ websites, platforms, or other systems, which are governed by our customers’ privacy notices and terms of use. Please review those notices carefully, as Berbix does not control and cannot be responsible for the privacy and information security practices or terms associated with non-affiliated third parties.
Berbix reserves the right to modify this Privacy Notice at any time. Berbix’s Services, as well as laws, regulations and industry standards may evolve, which may result in changes to this Privacy Notice. Berbix will post the changes to this page and notify our customers via our agreed upon communication channels.
Berbix encourages you to review this Privacy Notice from time to time to stay informed. In accordance with applicable law, Berbix will notify you of any material changes in its collection, use, or disclosure of your information by posting a notice on its website. Any material changes to this Privacy Notice will be effective immediately.
If you have any questions about this policy, you can contact us at privacy@berbix.com or 888-200-9987.