Scytáles Protection of Personal Data
Your app store (e.g., iTunes or Google Play) may collect certain information in connection with your use of the App, such as personal data, payment data, geolocational information, and other usage-based data. We have no control over the collection of such information by a third-party app store, and any such collection or use will be subject to that third party’s applicable privacy policies.
Your Privacy Rights at Scytáles
At Scytáles, we respect your ability to know, access, correct, transfer, restrict the processing of, and delete your personal data. To exercise your privacy rights and choices including where a third-party service provider is acting on Scytáles’s behalf, contact us at firstname.lastname@example.org.
There may be situations where we cannot grant your request—for example, if you ask us to delete your transaction data and Scytáles is legally obligated to keep a record of that transaction to comply with law. We may also decline to grant a request where doing so would undermine our legitimate use of data for anti-fraud and security purposes, such as when you request deletion of an account that is being investigated for security concerns. Other reasons your privacy request may be denied are if it jeopardizes the privacy of others, is frivolous or vexatious, or would be extremely impractical.
Protection of Personal Data at Scytáles
At Scytáles, we believe that your personal data deserves to be protected. We use administrative, technical, and physical safeguards to protect your personal data in accord with international governmental and industry standards, taking into account the nature of the personal data and the processing, and the threats posed. We are constantly working to improve on these safeguards to help keep your personal data secure. When personal data is transmitted to Relying Parties, it is protected with encryption, such as Transport Layer Security (TLS) or Secure Sockets Layer (SSL) protocols. The use of encryption technology means that only the Relying Party will be able to access your personal data, and only after you have consented to providing certain personal data to the Relying Party.
To make sure your personal data is secure, we communicate our privacy and security guidelines to Scytáles employees and strictly enforce privacy safeguards within the company.
Personal Data Collected by Scytáles
At Scytáles, we strive to collect only the personal data that we need. The personal data Scytáles collects depends on how you interact with Scytáles. When you user our applications or activate a product or device, or otherwise interact with Scytáles, we may collect a variety of information, including:
Account Information. Your account identification information and related account details, including email address, devices registered, account status, and age.
Mobile Device Information. Data from which your mobile device could be identified, such as device serial number, or about your mobile device, such as browser type, type of mobile device, advertising identifier (“IDFA” or “AdID”), operating system and version, mobile carrier, network type (WiFi, 3G, 4G, LTE), and mobile device integrity information.
Contact Information. Data such as name, email address, physical address, phone number, or other contact information.
Payment Information. Data about your billing address and method of payment, such as bank details, credit, debit, or other payment card information.
Transaction Information. Data about purchases of Scytáles products and services or transactions facilitated by Scytáles, including purchases through Scytáles’s applications, websites and requests by third-parties, including Relying Parties, that you approve sharing your information with.
Usage Data. Data about your activity on and use of our offerings, such as product interaction, crash data, performance and other diagnostic data, and other usage data.
ID Data. Data from your identification documents, including government identification documents, including your name, e-mail address, physical address, phone number, driver’s license number and information, portrait image, date of birth and other information that the Issuer of such identification documents considers part of your identity record.
Other Information You Provide to Us. Details such as the content of your communications with Scytáles, including interactions with customer support.
You are not required to provide the personal data that we have requested. However, if you choose not to do so, in many cases we will not be able to provide you with our products or services or respond to requests you may have.
Personal Data from Other Sources
Scytáles may receive personal data about you from issuers of identification documents, including governmental identification documents, from businesses or third parties acting at your direction, from our partners who work with us to provide our products and services and assist us in security and fraud prevention, and from other lawful sources.
Issuers. With your permission, Scytáles may collect data about you from Issuers so that you can be provided with a mobile identification or mobile driver’s license (“mID/mDL”).
At Your Direction. You may direct other individuals or third parties to share data with Scytáles. For example, you may direct Relying Parties to share information with Scytáles regarding your request to prove your identity to such Relying Parties.
Scytáles Partners. We may also validate the information you provide with third parties for, for example for security and fraud-prevention purposes.
Scytáles’s Use of Personal Data
Scytáles uses personal data to provide our services, to process your transactions, to communicate with you, for security and fraud prevention, and to comply with law. We may also use personal data for other purposes with your consent.
Scytáles uses your personal data only when we have a valid legal basis to do so. Depending on the circumstance, Scytáles may rely on your consent or the fact that the processing is necessary to fulfill a contract with you, protect your vital interests or those of other persons, or to comply with law. We may also process your personal data where we believe it is in our or others’ legitimate interests, taking into consideration your interests, rights, and expectations. If you have questions about the legal basis, you can contact us at email@example.com.
Provide Our Services. Scytáles collects personal data necessary to provide our services, which may include personal data collected to improve our offerings, for internal purposes such as auditing or data analysis, or for troubleshooting. For example, if you would like to keep your mID/mDL on your mobile device and use it to prove your identity to Relying Parties, we collect data from you and your Issuer in order to provide you with such service.
Process Your Transactions. To process transactions, Scytáles must collect data such as your name, purchase, and payment information.
Communicate with You. To respond to communications, reach out to you about your transactions or account, market our products and services, provide other relevant information, or request information or feedback. From time to time, we may use your personal data to send important notices, such as communications about purchases and changes to our terms, conditions, and policies. Because this information is important to your interaction with Scytáles, you may not opt out of receiving these important notices. You may, however, opt out of marketing or newsletter communications by either following the directions in the email or by contacting us at firstname.lastname@example.org.
Security and Fraud Prevention. To protect individuals, employees, and Scytáles and for loss prevention and to prevent fraud, including to protect individuals, employees, and Scytáles for the benefit of all our users.
Comply with Law. To comply with applicable law, for example, to satisfy tax or reporting obligations, or to comply with a lawful governmental request.
In an ongoing effort to better understand our users, our applications, and our products and services, we may analyze certain personal data in anonymized and aggregate form to operate, maintain, manage, and improve the application and/or such products and services. This aggregate information does not identify you personally. We may share and/or license this aggregate data to our affiliates, agents, business partners, Issuers, and other third parties. We may also disclose aggregated user statistics to describe the application and these products and services to current and prospective business partners and investors and to other third parties for other lawful purposes.
We will not sell, rent, or lease your personal data. We will not make your personal data available to other third parties except as set forth herein.
Scytáles will retain your personal data that we have collected during the time that you are a customer or are doing business with Scytáles, and for a period of two years thereafter, unless you opt-out of our doing so either via the in application prompts, or by contacting us at email@example.com.
Scytáles’s Sharing of Personal Data
Scytáles may share personal data with Scytáles-affiliated companies, service providers who act on our behalf, our partners, Issuers, others at your direction, or as required. Scytáles does not share personal data with third parties for their own marketing purposes.
Partners. At times, Scytáles may partner with third parties to provide services or other offerings. For example, in order to provide security verification, Scytáles may work with partners for liveness verification. Scytáles requires its partners to protect your personal data.
Issuers. Scytáles may share personal data with the Issuers of the identification documents that enable you to access the mID/mDL, such as if you request that we notify your driver’s license issuing authority with an update of your current address.
Others. Others at your direction or with your consent, such as when you request that we share certain identification information with third parties in order to verify your identity.
As Required. We may also disclose information about you if we determine that for purposes of law enforcement or other issues of public importance, disclosure is necessary or appropriate. We may also disclose information about you where there is a lawful basis for doing so, if we determine that disclosure is reasonably necessary to enforce our terms and conditions or to protect our operations or users, or in the event of a reorganization, merger, or sale.
Children and Personal Data
Scytáles offerings are not directed to children under the age of 13. We will not knowingly collect any personal data from any child under the age of 13. We ask that minors (under the age of 13) not use our applications or services. If a child under the age of 13 has provided us with personal data, a parent or guardian of that child may contact us and request that such information be deleted from our records.
Transfer of Personal Data Between Countries
Scytáles complies with laws on the transfer of personal data between countries to help ensure your data is protected, wherever it may be. The Scytáles entity that controls your personal data may differ depending on where you live. Personal data relating to individuals in the European Economic Area, the United Kingdom, and Switzerland is controlled by Scytáles AB in Sweden. Scytáles’s international transfer of personal data collected in the European Economic Area, the United Kingdom, and Switzerland is governed by Standard Contractual Clauses.