At Freedom ID, when we verify an identity or carry out checks related to an identity, or provide user authentication services (our “Identity Services”), we’re committed to protecting the privacy and security of that identity.
The Information We Collect and How We Use It
To provide our Identity Services, we need to collect certain information about our clients’ users. The exact information needed depends on the check that’s being carried out or the service being provided on behalf of our client.
When verifying the identity of a user, we’ll ask for, or may otherwise gather certain information:
If the user is successful on both the document and facial verification checks, Freedom ID’s client will likely consider the user to have proven their identity.
In some cases, we may also further check whether we have previously verified you on behalf of a specific client by comparing the picture of your face to the pictures previously provided by that client. This helps our client not only verify your identity but further protects them and you by helping them understand when a user may be generating multiple identities.
To do all of this, we might in some circumstances closely examine some of the information mentioned above that’s contained in the images, including the machine-readable data (such as an identity document’s barcode) and the image metadata (such as the name of the camera model used to take the image).
How We Collect Your Personal Information
We collect personal information from the following sources.
Agencies are organizations that have asked Freedom ID to verify an identity or carry out checks related to that identity. Once we have verified an identity or run a check, we share the results with the agencies in a Freedom ID Report. The agency then decides how they want to proceed with the user based on the results. In some cases, the client might ask for additional information before making a decision. Also, some agencies only ask us to carry out a check if an earlier check was passed or not passed. This ensures we only do the minimum number of checks needed.
2. You, The User
Users are individuals whose identities we verify or otherwise check on behalf of our clients. We collect users’ information from clients or directly from you, the user or the device you use to access our services.
Sometimes, we receive information we don’t need to provide our Identity Services. For example, instead of a picture of their identity document, a user might upload a completely unrelated image. When this happens, we seek to delete this data.
3. Data Providers
Data providers are used to provide additional information when our clients require specific checks about users. For example, if we need to verify a user’s right to drive, we might ask for additional information from the appropriate governmental agency. We also keep logs of how our clients, users, and data providers interact with our Identity Services. This might include timestamps of when the information was submitted to Freedom ID, and information about the device used to submit that information.
Using Personal Information for our Identity Services
At Freedom ID, our mission is to safeguard refugees and those providers of accommodation and other services to those refugees by verifying identities. To do this, we use the information we collect for our own internal use to improve and develop our services.
Passing a Freedom ID Check
If we’re able to verify your identity and you are able to pass all requested checks, we notify the agency who can then continue with their onboarding process.
Not Passing a Freedom ID Check
If we’re unable to verify your identity or you aren’t able to pass all requested checks, we recommend to the agency that they conduct additional checks before continuing with the onboarding process. We sometimes help with those additional checks too.
Developing our Identity Services
To further develop our Identity Services, we train our computers to recognize specific patterns in information and make predictions about new sets of information based on those patterns. This is known as machine learning. We’ve gathered a substantial and unique set of images from around the world, from which we can train our machine learning models to locate and extract the information in documents, to detect fraudulent documents, and to engage in facial verification.
We also train our human analysts to perform those tasks so they can assist when our machine learning models aren’t best suited for the task or are still learning. Sometimes, we’ll also re-run and re-submit checks to ensure our Identity Services are working properly, particularly when testing a new feature or service for quality assurance. Together, these developments help make Freedom ID’s Identity Services stronger and safer for all clients and users.
The Basis for our Processing
We use information to provide and maintain our Identity Services on behalf of clients on the basis that the user has consented to the processing or otherwise requested Identity Services, the client has a legitimate or lawful reason for requesting Identity Services, or the processing is necessary to carry out a task in the public interest or for reasons of substantial public interest.
Using Personal Information for Our Own Purposes
We may also use your personal information for our own purposes, including to:
Facial Biometric Comparison
When providing our Identity Services, we will frequently extract and compare numerical biometric data from facial images to understand whether two faces are likely to be a match. We do this on behalf of our clients for several reasons. Primarily, we will check whether a user owns their identity document by comparing an image of their face to the facial image contained in the identity document. We will also check whether those facial images show signs of fraud - for example, by comparing a person’s numerical biometric data to those of known masks. . We process this data with your consent which you can withdraw at any time, but we may not be able to complete our checks if you do. You can withdraw your consent by emailing us at: email@example.com
In addition, we may also check whether we have previously verified a user on behalf of a specific client to help that client understand when a user may be generating multiple identities. To find out if the user is known to a specific client, we compare the facial image of the user to the facial images of other users previously verified on behalf of that specific client. To provide this check quickly, we store the numerical biometric data extracted from the previously collected facial images for as long as our client directs or until the client requests the deletion of those original images.
Lastly, for our authentication service, we maintain a facial image for each of our client’s users. For each authentication attempt, we will capture a new facial image from the user and compare this to the one we hold for them. If the two images match, the authentication is confirmed. The facial image we retain for each user is in the form of numerical biometric data and we store this numerical biometric data for as long as our client directs or until the client requests the deletion of those original images.
Automated Decision Making and Freedom ID Reports
When we verify an identity or carry out a check on behalf of a client, we provide a Freedom ID Report to that client. This Freedom ID Report details our recommendation and the reasoning behind it. The reasons are generated from the different machine learning models and human powered processes that are used to verify an identity or perform a check.
By providing our clients with these detailed Freedom ID Reports, our aim is to empower our clients to make informed decisions about users and to provide specific help to users that are having difficulty in passing a Freedom ID check.
Sharing Information Outside Freedom ID
As well as sharing information with clients, users, and data providers (as described above), Freedom ID also shares information with external parties that are performing tasks on our behalf (including sub-contractors or our affiliates) and with other companies, organizations, government bodies, and individuals outside Freedom ID where we have a legitimate legal reason for doing so (for example, in connection with any merger or acquisition or to comply with a court order) or where we have been instructed to share the information on behalf of our clients.
For example, if a client has configured the Identity Services to check whether an identity document has been previously identified as lost, stolen, fraudulent, or otherwise compromised by a government or other external party, Freedom ID may share that compromised identity document on behalf of that client, and the government or other external party may retain a copy to the extent they consider it necessary, proportionate, and lawful. Under the instruction of clients and as permitted by applicable law, as an example Freedom ID may share identity documents with the UK Metropolitan Police as part of their Amberhill Database for such purposes.
We seek to protect appropriately the information we share by imposing contractual privacy and security safeguards on the recipient of the information. This is particularly important in cases where the recipient is located in a country that has different or lesser privacy laws than those of the country where the information was originally collected. In some cases, however, it’s not possible for us to do so — for example, when we have a legal obligation to disclose information to a government authority and that government authority isn’t willing to enter into such contractual safeguards (such as the United Kingdom International Data Transfer Agreement or the European Union’s European Commission-approved Standard Contractual Clauses).
Freedom ID takes appropriate administrative, physical, technical and organizational measures designed to help protect information about users from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. For more information about information security at Freedom ID, please visit the Guide to Security at Freedom ID. If you think you have identified a security vulnerability or bug in our Identity Services, please report it to the Freedom ID security team at firstname.lastname@example.org.
We perform our Identity Services on behalf of our clients for a variety of different reasons. Those reasons are identified by our clients, and we rely on them to tell us when they no longer need us to store the information we’ve collected on their behalf. Once instructed, either through our agreement with the client or through an ad hoc request, we delete the information we have collected about users when performing the requested Identity Services.
If you, as a user, would like to make a specific request to have your information deleted, please make that request directly to the client that carried out your related check. For more information about how to do this, please see below under “Your Rights”.
Where we have a legitimate legal reason, we may also store information for longer than described above – for example, where we are under a binding legal order not to destroy information.
You have rights with respect to your data. For data for which we are processor, you should contact the relevant client who has requested those services. For data for which we are a controller, you should contact us.
If you would like to access a copy of, delete, or otherwise exercise your rights over your personal information (including the rights to correct your personal information, withdraw consent to processing, object to processing, restrict processing, obtain information about safeguards applicable when your data is transferred out of Europe), please contact Freedom ID at email@example.com, or the postal address below.
You may also have the right to complain to the relevant supervisory authority in your country.
Please be aware, for most requests Freedom ID will direct you to send your request directly to our client, as the entity ultimately responsible for your personal information and we may need to notify the relevant client (as described above in the Freedom ID Identity Lifecycle) so the client (and not Freedom ID) may fulfill or instruct us to fulfil the request. This is necessary where Freedom ID is acting on the client’s behalf as a data processor. In the limited circumstances where we act as a data controller, we will handle your request.
Government and Law Enforcement Requests
As Freedom ID provides its Identity Services on behalf of its clients, Freedom ID will not disclose any information related to a specific check pursuant to a government or law enforcement request unless at the direction of a client or if there is a binding legal order to do so. This is necessary for us to comply with our legal obligations. Any government or law enforcement body requesting information related to a specific check may contact us at firstname.lastname@example.org, and we will seek to put you in contact with the relevant client.
If you would like more information about how Freedom ID collects and uses personal information, please contact Freedom ID at email@example.com