Effective Date: 20th May 2025
IDMERIT LLC and its affiliates (collectively, “IDMERIT”) respect your privacy. At IDMERIT, we are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy outlines how we collect, use, disclose and safeguard your personal data in accordance with global data regulations, including the GDPR and CCPA. Our services focus on secure identity verification and fraud prevention, ensuring compliance with applicable laws while maintaining the highest standards of data protection.
This Privacy policy outlines our practices concerning the collection, utilization and safeguarding of Personal data. We gather various types of Personal data and this notice elucidates the reasons behind such data collection; the entities we may share it with and the stringent measures we implement to uphold data security. Additionally, it clarifies your rights and choices regarding your Personal data as well as how to reach out to us for inquiries concerning our privacy procedures.
It is important to note that we act as representatives for and adhere to the directives of financial institutions, merchants and other partners who function as data controllers. For comprehensive information about how your Personal data is processed in these circumstances, we recommend referring to their respective privacy policies.
Our approach to privacy may differ across the various countries in which we operate, aligning with local norms and legal obligations. Specific privacy notices may be applicable to certain products and services we offer. To gain a deeper understanding of our privacy and information practices pertaining to a particular product or service, we encourage you to visit the dedicated webpage or digital asset associated with it
1. Information of a Personal Nature That We Might Gather
Any data associated with an individual, whether identified or identifiable, is referred as “Personal Data”. We could potentially gather the following categories of Personal Data
(1) Product and Service Data: This includes data submitted by our clients via API services or online platforms, such as names, addresses, contact details and business-related information, which are processed solely for identity verification and fraud prevention.
(2) Data from Partners: We may receive data from our trusted partners and service providers including financial institutions, credit bureaus, government agencies, and compliance databases. This information may include, but not limited to, your name, contact details and demographic data.
(3) Online Activity Data: Information about your website, device and mobile app usage, collected through automated means like cookies and similar technologies, to maintain security, prevent fraud, and ensure service functionality.
(4) Employment Application Data: If you apply for a job with us, we may collect information related to your job application and relevant details.
(5) Business Contact Data: In the case where you represent one of our business partners, we may gather your business contact information to facilitate service delivery and support.
Category summary:
The following categories of personal information collected and stored in the past twelve (12) months
Category | Examples | Collected/Stored? |
---|---|---|
A. Identifiers | Contact details, such as real name, alias, postal address, telephone or mobile contact number, unique personal identifier, online identifier, Internet Protocol address, email address, and account name | No |
B. Personal information | Name, contact information, education, employment, employment history, and financial information | No |
C. Protected classification characteristics under state or federal law | Gender, age, date of birth, race and ethnicity, national origin, marital status, and other demographic data | No |
D. Commercial information | Transaction information, purchase history, financial details, and payment information | No |
E. Biometric information | Fingerprints and voiceprints | No |
F. Internet or other similar network activity | Browsing history, search history, online behaviour, interest data, and interactions with our and other websites, applications, systems, and advertisements | No |
G. Geolocation data | Device location | No |
H. Audio, electronic, sensory, or similar information | Images and audio, video or call recordings created in connection with our business activities | No |
I. Professional or employment-related information | Business contact details in order to provide you our Services at a business level or job title, work history, and professional qualifications if you apply for a job with us | No |
J. Education Information | Student records and directory information | No |
K. Inferences drawn from collected personal information | nferences drawn from any of the collected personal information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics | No |
L. Sensitive personal Information | No |
We may also collect other personal information outside of these categories through instances where you interact with us in person, online, or by phone or mail in the context of:
- Receiving help through our customer support channels;
- Participation in customer surveys or contests; and
- Facilitation in the delivery of our Services and to respond to your inquiries.
Personal data that we receive from our Partners
In compliance with applicable data protection regulations, we may obtain specific personal data from our trusted partners, such as third-party service providers, advertisers, business affiliates or publicly available records which may include, but is not limited to, your name, contact details and demographic data. This data is received to facilitate a secure data exchange with customers, with utmost care and confidentiality, ensuring it is utilized to provide enhance services, provide targeted content, prevent fraud, verify identities, improve user experience and for advertising purposes to improve overall user experience. Our partners, as well as ourselves, adhere to this Privacy Policy and comply with relevant data protection laws. The shared data is used exclusively for legitimate business purposes. If required by law, we may process your personal data as a data controller for our own purpose or as a data processor on the instructions of our partners or customers.
Personal data we obtain from Advertisements, Websites and Applications
When you interact with advertisements, websites or applications that are affiliated with our services, we may collect certain personal data about you. This information can include your device type, IP address, browser settings and the pages or content you view. We use various tracking technologies, such as cookies and web beacons, to gather this data. This information helps us understand how you engage with our online ecosystem and allows us to provide you with a more personalized experience. It also assists us in measuring the effectiveness of our advertising campaigns and improving the quality of our services. Rest assured, we handle this data in compliance with relevant privacy laws and regulations and it is used solely for the purposes outlined in this Privacy Policy.
Additionally, when you interact with third-party websites, apps or services that are integrated with ours or feature our content, your personal data may be shared with us by those third parties. This shared information could include details about your interactions, preferences and actions within their platforms. We treat this information with the same care and respect as any data we collect directly. It enables us to offer you a seamless and consistent experience across different digital environments while maintaining a high level of privacy protection. We encourage you to review the privacy policies of these third-party platforms to understand how your data may be used beyond our services.
Personal data we obtain through Job applications
When you apply for a job with our organization, we may collect a range of personal data as part of the application and recruitment process. This information typically includes your name, contact details, resume or curriculum vitae, cover letter, employment history, educational background and any other information you provide as part of your application. We may also collect information such as references, background checks and assessment results during the recruitment process to evaluate your suitability for the position applied for. This data is collected and processed solely for the purpose of assessing your qualifications, contacting you about the job application and facilitating the recruitment process.
Additionally, as part of our commitment to equal opportunity and diversity, we may request demographic information, such as gender, race, or ethnicity, on a voluntary basis. Providing this information is optional and it will not impact your job application. We use this data for internal reporting and to help us ensure that our recruitment practices are fair and inclusive. Your personal data collected during the application process is treated with the utmost confidentiality and is accessible only to those involved in the recruitment and hiring process. If your application is not successful, we may retain your information for a limited period for potential future opportunities, unless you request its deletion. We comply with all applicable data protection laws and regulations in handling your personal data throughout the application and hiring process.
Cookies
To get a better understanding of how users’ access and use our Site, we may use or engage others to use cookies, and similar tracking technologies like web beacons and pixels, to gather information when you interact with our Services. Some online tracking technologies help us maintain the security of our Services and your account, prevent crashes, fix bugs, save your preferences, and assist with basic site functions. You can browse our Site without telling us who you are or submitting any personal information. We simply use this information to understand Site activity and to monitor and improve Site performance.
- How do we use cookies?
Company uses cookies to:- Authenticate your account when you log into the Site;
- Aggregate statistical information about user activity; and
- Help prevent fraud
Cookies may be stored on your device to improve user experience across visits to our Site, and for analytics including page views and site visits. Keep in mind that this type of data does not distinguish an individual – in other words, it won’t be tied to your identity. The cookies used for our Site are not used or tied to the Services themselves, so your activity within our Services is completely private.
- How do I disable cookies?
Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in the future. The “Help” portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Site visitors who disable their web browsers’ ability to accept cookies will be able to browse the Site, but certain Site features will not function.
Source | Listing | About | Opt Out |
---|---|---|---|
Google Analytics | ssl-googleanalytics.com | Learn More | Disable |
staticxx.facebook.com www.facebook.com | Learn More | Disable | |
DoubleClick by Google | stats.g.doubleclick.net | Learn More | Disable |
2. How We May Use Your Personal data
At IDMERIT, we are committed to protecting your privacy and ensuring the responsible use of your personal data. This section of our Privacy Policy outlines the various ways in which we may use the personal data we collect from you:
- Providing and Improving Services: We use your personal data to facilitate identity verification, fraud prevention, and compliance services. This includes processing verification requests, responding to client inquiries, and improving service efficiency.
- Compliance and Risk Management: We process personal data to meet regulatory obligations, conduct compliance checks, and mitigate risks related to fraud and financial crimes.
- Security: Personal data is used to detect and prevent fraudulent activities, unauthorized access, cybersecurity threats, and other security risks to protect our platform and users.
- Communication: We may use your contact information to communicate with you about updates, promotions, news and important information related to our products and services. You can opt out
of these communications at any time. - Security: Your personal data is crucial for the security and integrity of our systems. We use it to detect and prevent fraud, unauthorized access and other security breaches.
- Customer Support: Your data assists us in providing you with effective customer support, resolving issues and answering your inquiries.
- Recruitment: If you apply for a job with us, your personal data will be used for the recruitment and hiring process.
- Aggregated and Anonymous Data: We may aggregate and anonymize personal data for security, fraud detection, and industry analysis purposes. However, this data will not be used for advertising or marketing.
The types of personal data that may be processed as part of our verification and fraud prevention services include, but are not limited to:
(1) Identity-related information such as name, address, date of birth, and government-issued identification details.
(2) Contact details such as phone number, email address, and business-related information.
All personal data is processed strictly for verification and security purposes, following applicable regulations and the highest data protection standards. We do not sell, lease, or commercially license personal data.
In accordance with relevant legal requirements regarding legal basis for the processing of your personal data, we will utilize your personal data: (i) with your explicit consent; (ii) when processing is necessary for the performance of a contract to which you (the individual) are a party or in order to take steps at your request (the individual) prior to entering into a contract (iii) when a legitimate and paramount interest necessitates the utilization of such information.
We utilize the information we collect for the following purposes. The specific legal basis for processing your information may vary depending on your location and under applicable law, as detailed below.
- Processing Activity: Fraud Prevention and Risk Management
IDMERIT and its affiliates may use your data to implement various measures, including identity verification, to safeguard against fraud, cyber threats, unauthorized transactions, claims and other potential liabilities. In alignment with this commitment, we may engage in data licensing, allowing your personal data such as demographic details and contact details, to be licensed to our customers. Our customer includes, but not limited to, global customers providing payment transaction processing and other related-payment services and multinational FinTech and AdTech companies. This licensing is aimed at enhancing their services offered to you, managing risk exposure and upholding the integrity and security particularly in the areas of fraud prevention and identify verification, thereby ensuring the quality of the franchise.
Legal Basis for Processing: We will act as a “data controller” (or such similar term under applicable law) and determine the purpose of the processing activities of your personal data. Such purposes include, activities as fraud prevention, identity verification services and risk management, all while upholding the standards of privacy. Furthermore, our customer may utilize your information for services like fraud prevention and identity verification, enhancing their offerings with a commitment to quality service.
We rely on our legitimate interests to collect and process personal data relating to this purpose as our legal basis when licensing the personal data to our customers. Acting as a data controller involves the lawful use of personal data to meet customer needs while adhering fully to relevant laws. We conduct assessments to meticulously balance the necessity of data processing with individual rights, minimizing potential impacts on privacy.
In the absence of a legitimate interest, we may alternatively justify processing as necessary for the performance of a contract to which you are a party as a legal basis for this purpose. Your explicit consent serves as our legal basis for marketing purposes outlined in the section above.
When we provide our services to our customers, such as by verifying an individual’s identity, we are acting on behalf of our customers as a “data processor” (or such similar term under applicable law). In our role as a data processor, we meticulously follow explicit instructions outlined in contractual agreements with our customers that act as data controllers when processing personal data, ensuring compliance with legal requirements and contractual obligations.
- Processing Activity: Product and Service Communication
We or our affiliates engage in providing, administering and communicating with you about various products, services, offers, loyalty programs and promotions, including contests, sweepstakes and other marketing activities offered by merchants and partners.
Legal Basis for Processing: For this processing activity, we rely on one or more of the following legal bases: your explicit consent for the use of your Personal data, the necessity of processing for entering into or fulfilling a contract to which you are a party, or the presence of a legitimate interest, either from us or a third party, in using your Personal data for the purpose of providing you with products and services.
- Processing Activity: Customer, Supplier and Vendor Relationship Management
Our activities encompass the management of relationships with our customers, suppliers and vendors, including the creation and publication of business directories that may contain business contact information.
Legal Basis for Processing: For the management of our customer, supplier and vendor relationships, we rely on one or more of the following legal bases: your explicit consent for the use of your Personal data, the necessity of processing for entering into or fulfilling a contract to which you are a party, or the presence of a legitimate interest, either from us or a third party, in using your Personal data for the purpose of managing these relationships.
- Processing Activity: Business Operations and Improvement
We engage in various activities to operate, evaluate and enhance our business. These activities include developing new products and services, assessing the effectiveness of our advertising, analyzing our products, services, websites, mobile apps and other digital assets to ensure their optimal functionality.
Legal Basis for Processing: For these business operations and improvement activities, we rely on one or more of the following legal bases: your explicit consent for the use of your Personal data, the necessity of processing for entering into or fulfilling a contract to which you are a party, or the presence of a legitimate interest, either from us or a third party, in using your Personal data to enhance our products and services.
- Processing Activity: Personalized Services and Recommendations
We strive to offer you personalized services and recommendations to enhance your experience. For instance, we may utilize your Personal data, including your email address and your interactions with our website, to analyze your preferences, interests and behaviour. This analysis allows us to provide tailored content and the most relevant offers, recommendations and email communications related to specific products offered by merchants and partners.
Legal Basis for Processing: For the provision of personalized services and recommendations, we rely on one or more of the following legal bases: your explicit consent for the use of your Personal data, the necessity of processing for entering into or fulfilling a contract to which you are a party, or the presence of a legitimate interest, either from us or a third party, in using your Personal data to provide you with personalized services and recommendations.
- Processing Activity: Anonymization of Personal data and Aggregated Data Reporting
We engage in the anonymization of Personal data and the creation of aggregated data reports to provide valuable insights to merchants and other customers and partners. These insights encompass past and potential fraud detection, risk assessment and other valuable information derived from this anonymized data.
Legal Basis for Processing: For the purpose of anonymizing Personal data and generating aggregated data reports, we rely on one or more legal bases, which may include a legitimate interest, either held by us or a third party, in utilizing your Personal data for these specific purposes. Additionally, in jurisdictions where applicable, we may conduct this processing for statistical and research purposes or for the training of our systems. It’s important to note that any deidentified or anonymized information we maintain will be used exclusively in such form and we will not attempt to reidentify this information unless permitted by applicable law.
- Processing Activity: Evaluation of Interest in Employment and Contact for Possible Employment
We engage in the assessment of individuals’ interest in potential employment opportunities with us. As part of this process, we may contact you regarding such employment opportunities.
Legal Basis for Processing: The processing of your Personal data for the purpose of evaluating your interest in employment and contacting you regarding possible employment is grounded in one or more legal bases. These include the necessity of processing for entering into or performing a contract to which you are a party. Additionally, we may rely on our legitimate interest or that of a third party in using your Personal data for this specific purpose. Furthermore, compliance with legal or regulatory obligations may also necessitate such processing.
- Processing Activity: Enforcement of Terms of Use and Legal Rights
We may process your Personal data when necessary to enforce our Terms of Use or to establish, exercise and defend our legal rights.
Legal Basis for Processing: The processing of your Personal data for these purposes is grounded in various legal bases, depending on the specific circumstances. It may be necessary for entering into or performing a contract to which you are a party. Additionally, it could be required for compliance with legal or regulatory obligations. We, or a third party, may also have a legitimate interest in using your Personal data to enforce our Terms of Use and protect our legal rights.
In cases where applicable law mandates, we have conducted assessments to balance the interests underlying data processing, whether they are ours or those of a third party. This ensures that such interests do not override your own interests, fundamental rights or freedoms.
We will not make decisions that significantly impact you, such as those with legal consequences or substantial effects, solely through automated processing unless:
- You have explicitly consented to such processing where required by applicable law.
- The processing is necessary for entering into or performing a contract.
- We are legally obliged to use your Personal data in this manner such as to prevent fraud.
3. How We Disclose Your Personal Data
At IDMERIT, your privacy and the security of your personal data are of paramount importance to us. This section of our Privacy Policy outlines how we may share your personal data, ensuring transparency and clarity about the ways your data is handled. Please be noted that in below cases your Personal data may be shared with us by or we may share this information with. Please take a moment to review this information carefully.:
- We will share your personal data when you have provided clear and voluntary consent for specific purposes. This might include sharing data with trusted third parties for marketing promotions or partner offers. You have the right to withdraw your consent at any time.
- To provide you with our services, we collaborate with trusted service providers who process your data on our behalf. These partners may include payment processors, delivery companies or IT service providers. Rest assured that we select service providers who adhere to rigorous data protection standards.
- we may disclose your personal data when required by applicable laws, regulations or legal processes. This includes sharing data with law enforcement agencies, government authorities or regulatory bodies when necessary.
- We may share your data with our trusted business partners for joint marketing initiatives, collaborations or co-branded services. These partnerships are designed to enhance your experience and provide you with valuable offers and opportunities.
- We may share your data with our trusted customers through licensing agreements, enabling them to use your data to enhance their services. These agreements strictly adhere to stringent data protection regulations.
- If there is a merger, acquisition or any other type of corporate transaction involving IDMERIT, your personal data may be transferred as part of the business assets. Rest assured that your data will continue to be protected following any such transaction.
- We may share your personal data when it is necessary to protect our legal rights, property or safety, as well as the rights, property and safety of our customers, partners, and employees. This includes sharing information to prevent fraud or address security issues.
- We may share anonymized and aggregated data that cannot be used to identify individuals. This information is often used for research, analytics and industry insights, benefiting both our company and the broader community.
- If you are located outside the country where IDMERIT is based, please note we may act as data agent that participates in transferring your personal data internationally. We take appropriate measures to ensure that your data remains secure and protected in accordance with applicable data protection laws.
We want you to have control over your personal data. If you have questions or concerns about how we share your data, please get in touch with our privacy team using our “Contact Us” section.
4. Data Subject Rights
IDMERIT is dedicated to respecting your privacy and providing you with choices and control over your personal data. Please take a moment to familiarize yourself with your rights and options:
- Data Access: You have the right to request access to the personal data we hold about you. This allows you to verify what data we have collected and how we use it.
- Data Correction: If you believe that any of the personal data, we hold about you is inaccurate or incomplete, you can request corrections or updates. We encourage you to keep your information accurate and up-to-date.
- Data Portability: You have the right to receive a copy of your personal data in a structured, commonly used and machine-readable format. This allows you to transfer your data to another organization if you wish.
- Data Restriction: Under certain circumstances, you can request the restriction of processing your personal data. This means we will temporarily suspend the use of your data while we investigate your request.
- Data Objection: You can object to the processing of your personal data for specific purpose, such as direct marketing. We will respect your request unless we have a legitimate reason to continue processing your data.
- Consent Withdrawal: If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.
- Data Erasure: You have the right to request the deletion of your personal data. This includes instances where your data is no longer necessary for the purposes for which it was collected.
- Marketing Control: You can manage your marketing preferences and opt-out of receiving promotional communications from us at any time. Instructions for unsubscribing are typically provided in marketing emails.
- Browsing Control: You have the option to control cookies and tracking technologies through your browser settings or by using our website’s cookie preference tools. Please review our Cookie Policy for more information.
- Do Not Track: Your web browser may offer a “Do Not Track” option. While our website respects these signals, please note that we may still collect and use information for essential purposes.
- Privacy Concerns: If you believe your privacy rights have been violated or you have concerns about how your data is handled, please contact us using our “Contact Us” section. We take privacy complaints seriously and will investigate and address them accordingly.
- Right to Complaint: In accordance with your country or local regulations, you are entitled to file a complaint regarding the utilization of your personal data with the appropriate supervisory authority or regulatory body.
Right to/ Lawful Basis | Access | Rectification | Erasure | Restriction | Portability | Object |
---|---|---|---|---|---|---|
Consent | • | • | • | • | • | × (can withdraw) |
Contract | • | • | • | • | • | × |
Legal Obligations | • | • | × | • | × | × |
Vital Interests | • | • | • | • | × | × |
Public task | • | • | × | • | × | • |
Legitimate Interests | • | • | • | • | × | • |
• – Available × – Not Available
Depending on your country and the applicable law you or a party authorized to act on your behalf, can exercise your rights or choices to control your personal data by submitting a request in our “Contact Us” or by writing to us at the following address:
IDMERIT LLC
Legal Department
5838 Edison Pl Suite 210
Carlsbad CA 92008, USA
We will not refuse or impose varying charges if you decide to exercise these rights.
Time Limits for Responding to Data Protection Rights Requests:
We are committed to respecting and protecting your data privacy rights. If you choose to exercise your data protection rights, including but not limited to the right to access, rectify, erase or object to the processing of your personal data, please note that we will make every effort to respond to your request promptly. In accordance with applicable data protection laws, our standard response time for addressing data protection rights requests is one calendar month from the date of receiving a valid request. However, in certain circumstances, this period may be extended in accordance with the law. If an extension is necessary, we will notify you within one month of receiving your request, explaining the reasons for the delay. Rest assured that we will handle all requests with the utmost diligence and in compliance with relevant data protection regulations.
5. Transferring Data
IDMERIT is a global data expert and consultant. As part of our services, it may be necessary for us to transfer your data to various locations or customers or third parties. The data protections laws vary for every country and may be different as the country from which you initially provided the information. In accordance with this Privacy policy, we comply with the applicable legal requirements when transferring Personal data to other countries. This section of our Privacy policy explains how we transfer your personal data and the steps we take to ensure the security of these transfers.
- International Data Transfers: Your personal data may be transferred, processed or stored in countries outside the European Economic Area (EEA), United States or your home jurisdiction, where different data protection laws may apply. We take every measure to ensure your personal data remains secure and protected, regardless of the destination.
- Legal Bases for Data Transfers: We commit to transferring your personal data only when there’s a valid legal basis and legitimate purpose. These may include:
- Consent: Your explicit consent for the data transfer.
- Contractual Necessity: When the transfer is essential for fulfilling a contract
- Legal Compliance: Transfers required to meet legal obligations or respond to lawful government requests.
- Legitimate Interests: Transfers that serve our legitimate interests, provided they do not infringe on your rights and freedoms.
- Safeguarding Your Data During Transfers: To protect your personal data during international transfers, we employ robust security measures such as:
- Data Security: Implementing technical and organizational safeguards to prevent unauthorized access, disclosure, alteration or destruction of your data.
- Data Transfer Mechanisms: Utilizing GDPR-approved mechanisms, like Standard Contractual Clauses or other authorized methods to safeguard data transfers.
- Data Minimization: Only transferring the minimum amount of data required for the intended purpose.
- Data Transfer Mechanism: To facilitate the lawful and secure transfer of your personal data to recipients in countries outside the European Economic Area (EEA) or other regions with data protection regulations, we may utilize specific data transfer mechanisms recognized by ata protection authorities. These mechanisms include Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs) or other legal mechanisms as required by the applicable data protection laws. These mechanisms serve to safeguard your data and maintain the high standards of data protection to which we are committed.
- Sharing Data with Third Parties: We may share your personal data with trusted third-party service providers, partners or affiliates who are bound by contractual agreements to adhere to data protection standards in compliance with GDPR, CCPA or relevant regulations.
- Data Subject Rights: If your data is transferred internationally, you may have specific rights related to the protection of your personal data. To understand and exercise these rights, please contact us using the “Contact Us” page.
- Changes to Data Transfer Practices: Our data transfer practices are subject to change due to evolving legal requirements or business operations. We will update this Privacy Policy accordingly. We recommend checking this section regularly for the latest information.
- Data Protection Impact Assessment (DPIA): If required by the applicable data protection laws, we may ask Data Processor to conduct a Data Protection Impact Assessment to evaluate and mitigate the potential risks associated with the transfer of your personal data.
At IDMERIT, we take data transfers seriously and are committed to upholding the privacy and security of your personal data in compliance with GDPR, CCPA and applicable laws. If you have questions or concerns about our data transfer practices, please reach out to us from “Contact Us” section. Your privacy is our priority and we are dedicated to ensuring your data is handled with care and in line with data protection regulations.
6. Safeguarding of Your Personal Data
At IDMERIT, safeguarding your personal data is a top priority. We are committed to ensuring the security and confidentiality of the data you entrust to us. This section of our Privacy Policy explains the measures we have in place to protect your personal data effectively.
- We utilize advanced encryption technologies to secure your personal data during transmission. This means that any data exchanged between your device and our servers remains encrypted and unreadable to unauthorized parties. You can recognize secure connections by looking for “https” in the website address and a padlock icon in your browser
- Your personal data in our possession is maintained under strict controls. Our data storage systems are designed to protect against unauthorized access, data breaches and other security threats. We regularly review and update our security protocols to stay ahead of emerging risks.
- Access to your personal data is restricted to authorized personnel who require this information to perform their job duties. We implement role-based access controls and conduct regular training to ensure that our employees understand the importance of data security and privacy.
- We conduct security audits and assessments of our systems and infrastructure to identify and rectify vulnerabilities promptly. This ongoing process helps us maintain a high level of security and protect your personal data from potential threats.
- We are committed to complying with all relevant data protection laws and regulations. This includes adherence to the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA), if applicable. We maintain a thorough understanding of these laws and continuously update our practices to align with changing requirements.
- When we engage third-party service providers, partners or vendors, we ensure that they meet our stringent security and privacy standards. All such parties are contractually bound to uphold data protection requirements.
- Despite our best efforts, no system is entirely immune to potential security incidents. In the unlikely event of a data breach or security compromise, we have a well-defined incident response plan in place. We will promptly investigate and take appropriate action to mitigate any impact on your personal data.
- We encourage you to use strong, unique passwords for your accounts regularly update your login credentials, and be cautious of phishing attempts and suspicious emails. If you ever suspect any unauthorized activity related to your account, please report it to us immediately.
7. For how long your personal data is retained
IDMERIT or its affiliates (“we”) may retain the personal data we collect or supply where we have an ongoing legitimate business need to do so. In certain circumstances, we may need to keep your information for legal reasons after our contractual relationship has ended for example, situations where we are made subject to a legal obligation, where we require access to your information to effectively resolve requests or complaints, as evidence to compliance laws, in connection to litigation or regulatory matters or conclusion of your recruitment process. Once there is no valid business necessity or legal requirement for retaining your personal data, we will either delete or anonymize it. In cases where deletion or anonymization is not immediately feasible, the data is securely archived and is isolated from any further processing until deletion becomes viable. Archived data will have a maximum retention period of 8 years. A detailed retention schedules are provided in below table for reference.
Data Category | Retention Period | Storage Type |
---|---|---|
Financial Records | ||
Accounts | 6 years | Electronic |
Payroll & Salary Records | 7 years | Electronic |
Tax Records | 8 years | Electronic | Human Resources |
Employee Performance Evaluation | Length of Employment + 6 years | Electronic |
Other HR Data | 7 years | Electronic |
CCTV Recordings | 3 years | Video |
Emails | 5 years | Electronic |
Subject Access Requests | 5 years | Electronic |
Electronic Marketing Records | 5 years | Electronic | Recruitment |
Job Application – Recruited Candidates | Length of Employment + 6 years | Electronic |
Job Application – Unsuccessful Candidates | 6 months | Electronic |
Employee Requests | Length of Employment + 6 years | Electronic |
Training Records | Length of Employment + 6 years | Electronic |
Attendance Register | 7 years | Electronic |
Employee Medical Records | Minimum 3 years or 5 years | Electronic | Contracts and Procurement |
Contracts and Procurement Records | End of contract + 7 years | Electronic | Personal Data |
PII Data | Max 1 hour, or as contractually agreed, or as per legal/regulatory requirement |
Electronic | Legal Documents |
Legal Documents | Permanent | Electronic | Customer Data |
Customer Contact Information | 5 years | Electronic |
Sales Records | 7 years | Electronic | IT and Technology |
System and Application Log | 1 year | Electronic |
Backup Data | 1 year | Electronic | Security and Incidents |
Incident Reports | 5 years | Electronic | Research and Development |
Research Data | 5 years | Electronic |
Intellectual Property Records | IP Duration + 5 years | Electronic |
8. Financial Incentive Notice
CCPA Financial Incentive Notice. IDMERIT offers programs, benefits, and other offerings to consumers related to the collection, retention, or sale of Personal Information that may be deemed a “financial incentive” or “price or service difference” under the CCPA. These offerings may involve collecting the following categories of Personal Information from customers who participate: identifiers, customer records, protected class and demographic information, commercial information and preferences, internet or other electronic network activity information and device information, audio, electronic, visual, or other sensory information, and inferences. We are providing you with this information so that you may make an informed decision on whether to participate in our programs. Examples of the programs we offer include:
- IDMERIT Rewards Program: IDMERIT may also feature a reward/loyalty program where customers can earn rewards, accumulate points on purchases, access exclusive promotions, and be the first to know about new products and limited releases. IDMERIT members can also receive promotional offers such as free products or services, discounts, coupons, and opportunities to participate in other promotions. As part of the IDMERIT program, we may collect Personal Information, such as your name, social security number, email address, phone number, and date of birth. No purchase is required to become a IDMERIT member and you can read the material terms of the program by visiting [link to loyalty program terms]. For more information on how to sign-up, please visit [link loyalty terms or sign-up page]. You may cancel your membership at any time by contacting IDMERIT at [IDMERIT loyalty program email address] or via [IDMERIT loyalty program contact link]. Our good-faith estimate of the value of your Personal Information is the value of the benefit we offer to you. We have calculated such value by using the expense related to the benefit.
- Surveys: We may also offer our customers opportunities to participate in surveys. In exchange for participation, you may be offered a financial incentive, such as a discount or a coupon. As part of these surveys, we may collect Personal Information, such as your name, preferences, experiences, beliefs, opinions, and other responses to the survey questions. Participation in surveys is governed by the applicable terms and conditions for the survey, which will also describe any financial incentives associated with that survey and how to participate. You can terminate participation at any time as is or will be explained in the survey terms. Our good-faith estimate of the value of your Personal Information is the value of the benefit we offer to you. We have calculated such value by using the expense related to the benefit.
- Limited Time Promotions: From time to time, we may offer incentives limited to a specific time period, such as limited-time contests and other promotions. In exchange for your participation in these promotions, you may be offered a financial incentive, such as a prize, discount, or coupon. As part of these limited-time promotions, we may collect your Personal Information, such as your name, email address, and phone number. Participation in a limited-time offer or promotion is governed by the applicable terms and conditions for the limited-time promotions, which will also describe any financial incentives associated with the promotion and how to participate. You can terminate participation at any time as will be explained in the promotion terms. The value of your Personal Information will be disclosed in the promotion terms.
- One-Time Promotions: In addition to the programs identified above, we may also offer you onetime percentage off coupons, discounts, or other promotions from time to time, such as when you provide us your email address and agree to receive marketing emails in exchange for a one-time promotion. Such offers may not be available at all times. The amount and terms of such offers will be presented to you at the time of the offer. You can terminate participation at any time by contacting us at [phone number]. Our good-faith estimate of the value of your Personal Information is the value of the benefit we offer to you. We have calculated such value by using the expense related to the benefit.
By participating in any of the above promotional programs, you agree that the benefits are reasonably related to the value of the Personal Information collected and retained.
Participation in IDMERIT’s promotional programs is always optional, and you can terminate program participation at any time as explained in the applicable program terms. You can also contact us at [email address for loyalty program or URL] to unsubscribe or cancel your participation in any program.
9. Privacy Policy Review and Updates
This policy will undergo an annual review to ensure that it reflects any changes in our privacy practices. Additionally, periodic revisions may occur as needed to incorporate any alterations.
10. How to Contact Us
You may submit a request to exercise your rights to your Personal data on our “Contact Us” page or by emailing us at legal@idmerit.com.
If you have any questions, comments or complaints about our privacy practises, please email us at legal@idmerit.com or write to us at:
IDMERIT LLC
Legal Department
5838 Edison Pl Suite 210
Carlsbad CA 92008, USA