Privacy Notice

SmartSearch’s Privacy Notice – last updated 16th September 2024

This Privacy Notice provides information about how we collect, use, store, process and share any personal data we collect from or about you. Please read this Privacy Notice carefully to understand how we treat your personal data, when you are using our website or our online services.

Corporate information of the SmartSearch Group

We are the SmartSearch Group (referred to as “we, “us”, “our” or “SmartSearch”):

• SmartCredit Limited (company number 05534508), a company registered in England at Mayfield House Lower Railway Road Ilkley LS29 8FL; or

• SmartSearch BV (company number 862372720) a company registered in the Netherlands at , or

• SmartSearch US, Inc (company number 803373572) a company registered in Delaware, United States.

What does the SmartSearch Group do?

SmartSearch provides anti-money laundering and identity verification solutions to companies who are SmartSearch’s customers (“Company”).  Our services allow our customers via our web based platform to do business with their clients who may be individuals (“you” or “End User”) or companies and assist them in facilitating identity verification and anti money laundering documentation checks (“Verification Checks”).

In performing the Verification Checks, the Company will ask you for certain information in order for us to carry out the Verification Checks. This information will be shared with third party data providers (“Data Providers”) who will use it to prevent fraud and anti money laundering and verify your identity or documentation. We will then send a report detailing the results of the Verification Checks with the Company who will make a decision on how to proceed with you. For more information on how that Company will use and store your personal data please refer to the Company’s privacy notice.

SmartSearch’s commitment to data privacy

SmartSearch has implemented appropriate technical and organisational security measures in order to meet our commitment to protecting and respecting the personal data and privacy of individuals (referred to as “you”, “your” or “End User”). We are committed to our privacy obligations under the EU General Data Protection Regulation (“EU GDPR”), UK GDPR, US Privacy laws, the California Consumer Privacy Act (“CCPA”) as amended by the California Privacy Act (“CPRA”) and related privacy rules (“Data Protection Laws”). We are the data controller as defined by UK GDPR.

This Privacy Notice explains the following:

1. Who are we and how can you contact us?

2. What kinds of personal data do we collect, and how?

3. What do we use personal data for?

4. What are our legal grounds for handling your personal data?

5. Who do we share your personal data with?

6. Where in the world is the personal data sent and stored?

7. For how long is my personal data retained?

8. Do we make automatic decisions about you or profile you using your personal data?

9. What rights do you have in relation to the personal data we hold about you?

10. Security

11. How do we process your biometric information?

12. Who can you complain to if you are unhappy about the use of your personal data?

13. Additional information for California residents

14. Changes to this Privacy Notice

Our website and online services are not intended for children and we do not knowingly collect data relating to children.

1. HOW CAN YOU CONTACT US?

You can contact us about issues relating to your personal data, including the contents of this notice, by any of the following methods:

Post:  F.A.O Data Protection Officer at either;

SmartCredit Limited, Mayfield House, Lower Railway Road, Ilkley, LS29 8FL; OR  SmartSearch BV,  Strawinskylaan 1457,  1077XX Amsterdam, The Netherlands; OR SmartSearch US Inc, 3300 North Triumph Boulevard, 1st Floor, Lehi, UT 84043.USA

Email:  dpo@smartsearch.com

Telephone: 0113 238 7660; or +1 855 933 6265 or +31203082329

2. WHAT KINDS OF PERSONAL DATA DO WE COLLECT, AND HOW?

We collect personal data about you from your interactions with us, e.g. filling forms on the site or by corresponding with us (for example by email or chat) and from certain third parties and other sources (such as from publicly available sources where permissible). We have set out below the types of personal data we will collect:

If you are a website user:

• Name and contact details; such as first and last name, email address, postal address, phone number and other similar contact data

• IP address

• Information about the device you are using to access our websites; such as the type of device, its operating system type, device ID, browser, and what cookies are on it

• Information about your use of our websites; such as what pages you have visited and what content you have downloaded

If you are an End User:

• Name and contact details; such as first and last name, email address, postal address, phone number

• Personal identification numbers; such as your social security number or national insurance number.

• Family circumstances information; your marital status and dependants if you are a PEP or a close associate of a PEP.

• Employment or role details; for example the organisation you work for, public roles (including political, diplomatic, religious, judicial, military and trade union roles), your job title and education history.

• Professional and personal affiliations; organisations and individuals that you may be associated with in your professional or personal capacity.

• Financial information relevant to understanding your income or wealth; for example bank accounts, bankruptcy or insolvency fillings.

• Your inclusion (if any) on sanctions lists or on public lists of disqualified directors or other positions of responsibility.

• Public domain data about actual or alleged money laundering or terrorist financing crime.

• Information about our dealings with you; such as what information we have sent you, who in our organisation knows you, and what meetings, events or webinars you have attended. It also includes your behaviour in response to our interactions with you, such as whether you have opened our emails, clicked on a link or watched a video.

• Information including digital content uploaded via secure link that has been sent to you by the Company, photos (selfies and liveness checks for ID verification), documents (for document verification such as passports, driving licence, national ID card or residence permits).

• Biometric data (special category data and sensitive personal information) comprising an electronic comparison of selfie and ID document photo, as further described in Section 11 below.

We may also receive information about you from third party service providers such as credit reference agencies, fraud detection agencies and registration or stockbroking industry exchanges. We may also receive personal data from third party social media services such as Google, LinkedIn and Facebook, or other commercially available sources. We do not control the information on you that such networks obtain, or the technology they use to do so. We may also record calls with you for quality and training purposes.

Some of the personal data we may collect about you may be classified as “special category data” or “sensitive personal information”, as defined in the Data Protection Laws. We will only collect and use this information if the Verification Check requires it and the Data Protection Laws allow us to do so and will take extra care with this data. We generally process special category data for reasons of substantial public interest on the basis of applicable law. Special categories of data reveal information about:

•                    Physical and mental health;

•                    Sexual orientation;

•                    Racial or ethnic origin;

•                    Political opinions;

•                    Religious and/or philosophical beliefs;

•                    Trade union memberships;

•                    Criminal convictions and offences;

•                    Genetic and biometric data (please see Section 11 below for further details);

•                    Health data including gender.

The Company may request us to carry out the following Verification Checks, therefore the data that will be requested from you will depend upon the Verification Check we are asked to perform:

•                    ID verification

•                    Documentation verification (which may include NFC)

•                    Mortality check

•                    International PEP check

•                    International sanctions check

•                    Ultimate beneficial owner check

•                    Source of Funds

Collecting personal data as a data processor

We process personal data of our customers as a data processor without reviewing the content or origin of such personal data. We may collect, store and process such personal data on our customers’ behalf and at their direction. Our customers who use the services in this way are the data controllers and are responsible for obtaining consents and the privacy notice required for collection and use of such information.

Cookies and “Do Not Track” Signals

We use cookies and other/or tracking technologies to distinguish from other users of our sites and to remember your preferences. This help us to provide you with an optimum user experience when you browse our site and allows us to improve our site on an ongoing basis. For detailed information on the cookies we use, the purposes for which we use them and how you can exercise your choice regarding our use of your cookies, see our cookie policy.

Your browser may offer a “Do Not Track” (DNT) option, which generally signals to operators of websites that you do not wish your online activities to be tracked over time and across different websites. Since not all browsers offer DNT and currently there is no industry consensus as to what constitutes a DNT signal, we do not respond to DNT requests at this time.

3. WHAT DO WE USE YOUR PERSONAL DATA FOR?

This section explains the purposes for which we use your personal data.

Marketing

We use your personal data for marketing purposes. This includes informing you about products and services that we think may be of interest to you and providing you with related materials such as news items, whitepapers, case studies and blog posts, or in administering any prize draws that you are offered and elect to enter. We may contact you to ask you to confirm or update your choices, such as when there is a change in the law or the structure of our business. We might contact you for marketing purposes through various channels such as by email, telephone or post.

You can withdraw from marketing at any time by either using the relevant unsubscribe button in our emails, or by contacting us using the details above.

If you are an End User we will not send you any marketing communications of any kind.

Provision of services, including administration and management of our records

If you are a Company or a representative of a Company we use personal data for relationship management purposes. Relationship management is the ongoing maintenance of our relationship with you and/or your representatives. This could include activities such as letting you know about product changes or planned maintenance activity, contacting you with billing enquiries, inviting you to events and webinars, dealing with your enquiries, retaining records of your instructions and telephone calls, responding to any data rights you invoke, or asking you about what sorts of products you want us to develop.

Monitoring and improving our websites

We use information such as how you navigate around our websites, how long you spend on particular pages, whether you download any of our content (including product brochures, white papers and so on), in order to help improve the user experience of our websites. We may also use this information to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you, which can be based on your activity on our websites. We can do this ourselves or appoint an agency to do this on our behalf.

To protect our rights

We may use your personal data as we believe to be necessary or appropriate in order to protect, enforce, or defend the legal rights, safety, or property of us, our employees, agents and contractors; protect against fraud and other unlawful activity; to comply with and enforce the law or legal process; or to respond to requests from public and government authorities, to the extent permitted by applicable law.

4. WHAT ARE OUR LEGAL GROUNDS FOR HANDLING YOUR PERSONAL DATA?

Under the Data Protection Laws, we must have a legal basis for using your personal data. The law allows the use of personal data where the processing is necessary for a legitimate interest pursued by us or a third party and this interest is not outweighed by the interests, fundamental rights or freedoms of data subjects.

This is commonly referred to as the ‘Legitimate Interests’ condition for personal data processing.

5. WHO DO WE SHARE THE INFORMATION WITH?

We may make your personal data available to third party services providers, such as contractors, agents or sponsors, who help us manage or provide our products and services. For example:

·       We might use a third party email transmission service in order to send you marketing emails;

·       Credit reference agencies; Fraud prevention agencies who will use your personal data to prevent fraud and money-laundering and to verify your identity; our data providers are Equifax, Experian, Trans Union, Dow Jones, TrustID and Verifai. Please see their individual privacy polices that apply to your data shared with them.

·       Companies who are carrying out Verification Checks on You may also have their own privacy notices providing information about how they process any personal data they hold about you. In such cases, please contact them for further information.

·       We might use a printing company to produce and send personalised direct mail;

·       Our database of personal data may be held by third parties on our behalf;

·       We might use a third party to process payments and deliver subscriptions, or

·       Service providers acting as processors based in England & Wales to provide IT and system based administration services.

·       Hubspot, our current customer relationship management system. Please see their individual privacy polices that apply to your data shared with them.

These third party service providers are required to protect personal data entrusted to them and not use it for any other purpose than the specific service they are providing on our behalf.

In some circumstances, we may be legally required to share your personal data, for example if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.

We may also transfer your personal data to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation. At all times, we take steps to ensure your privacy rights continue to be protected as per this Privacy Notice.

6. WHERE IN THE WORLD IS THE INFORMATION SENT AND STORED?

Within Europe

We are based in the United Kingdom, The Netherlands and the United States will normally access and use your information from each of those locations as appropriate. We will usually store your personal data on secure servers in the relevant jurisdiction, and will seek to protect your personal data by limiting access to your personal data to those employees, agents, contractors and other third parties with a legitimate need to know and ensure that they are subject to duties of confidentiality. We also have in place procedures for dealing with data breaches (the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your personal data) including notifying you and/or the relevant data protection authority where we are legally required to do so.

If instances arise where we transfer your personal data to countries outside of the European Economic Area (“EEA”), we will take appropriate steps to ensure the personal data is afforded the same level of protection as described in this Privacy Notice. For example, we may rely on adequacy decisions or any adequate data transfer mechanisms adopted by the European Commission or a supervisory authority for transfers outside of the EEA.

7. FOR HOW LONG IS MY PERSONAL DATA RETAINED?

We store personal data only for as long as necessary to achieve the purposes described above and delete the data thereafter, but in any event upon expiration of the relevant statutory retention periods.  For additional information about how we store your biometric information, please refer to Section 11 below.

8. DO WE MAKE AUTOMATIC DECISIONS ABOUT YOU OR PROFILE YOU USING YOUR PERSONAL DATA?

We use certain profiling techniques in order to help us to understand you and your needs. This in turn helps us to understand which products and services you might be interested in. We do not use automated decision-making or profiling to make any decisions about you.

9. WHAT RIGHTS DO YOU HAVE IN RESPECT OF THE PERSONAL DATA THAT WE HOLD ABOUT YOU?

You may have different rights in relation to the personal data that we hold about you, depending on your location and jurisdiction of residence. Rights which may be available to you are briefly described below, please contact us for further information or if you’d like to exercise a right that applies to you .

Right of access:

You have a right to find out what personal data we hold about you, and to a copy of any personal data processed about you.

Right to rectification:

If you believe that the information that we hold about you is inaccurate, incomplete or out of date, you have a right to get it corrected.

Right to request deletion:

If you want us to delete your personal data, you can ask us to do so at any time. The circumstances when deletion can apply include when we no longer need it to meet a lawful basis for processing unless that basis is consent and you withdraw your consent, or you object to the processing, or the processing is unlawful. However, certain exclusions apply – where the processing is necessary for compliance with a legal obligation or to establish, exercise or defend legal claims.

Right to request restriction:

You can ask us to restrict our use of your personal data in some circumstances:  a) if you want us to establish the data’s accuracy; b) where our use of the data is unlawful but you do not want us to erase it; c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise, or defend legal claims; or d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Right to object to processing:

You may request that we stop processing information about you. Upon considering your request we will let you know if we are able to comply or if we have legitimate grounds to continue to process your data. Even after you exercise your right to object, we may continue to hold your data to comply with your other rights, or to bring or defend legal claims.

Right to withdraw consent:

This means that, if we are relying on your consent as the legal basis for using your personal data, you are free to withdraw that consent at any time. Please note that if you withdraw your consent then this does not affect the lawfulness of any processing that has already occurred. Where your consent is needed in connection with a Verification Check, then revocation of your consent could result in delays to the check being completed.

Right to data portability:

You have the right to ask us to provide your personal data to another data controller or third party service provider. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.

Rights related to automated processing:

Where this processing produces legal effects or significantly affects you, you can object to this processing unless the processing is necessary as part of our contract or is required by law.

10. SECURITY

We use commercially reasonable physical, electronic, and procedural safeguards designed to protect your personal information against loss or unauthorized access, use, modification, or deletion. However, no security program is foolproof, and thus we cannot guarantee the absolute security of your personal information or other information.

 11. HOW DO WE PROCESS YOUR BIOMETRIC INFORMATION?

This Section explains and describes when and how we collect, process and retain biometric or genetic information that is used to uniquely identify you (“Biometric Information”).

“Biometric Information” includes: (i) “Biometric Identifiers,” as defined under the Illinois Biometric Information Privacy Act, the Texas Capture or Use of Biometric Identifier Act, Wash. Rev. Code §19.375.010, or other applicable local, state, or federal laws (collectively, “U.S. Laws”); (ii) “biometric data” as defined in the CCPA, as amended by the CPRA; and (iii) “biometric data” as defined under EU GDPR and the UK GDPR.

Biometric Information includes data generated by measurements of your biological characteristics, such as your retina or iris scan, fingerprint, voiceprint, or a scan of the geometry of your hand or face, and information based on these that can be used to identify you.

We may process the following kinds of Biometric Information:

•                    Photographic data from which in the form of a selfie or an ID document photo from which a geometrical comparison of your facial biometrics can be extracted

•                    A numerical representation of your facial geometry

Depending on the Verification Check we have been asked to perform by a Company, we may engage select service providers to generate or otherwise process your Biometric Information on our behalf, including in order to generate an electronic comparison.

We process Biometric Information for the following specific purposes:

•                    To verify your identity

•                    To assist the Company in complying with its legal and regulatory obligations

•                    To prevent fraud or identity theft

•                    To assist with sanctions compliance

•                    To meet anti-money laundering and anti-terrorist financing obligations

We do not sell, lease, or trade your Biometric Information.

We generally only retain Biometric Information that we collect or process for a maximum of 30 days, at which time it is permanently deleted. Our service providers do not store any Biometric Information beyond this period.

12. WHO CAN YOU COMPLAIN TO IF YOU ARE UNHAPPY ABOUT THE USE OF YOUR PERSONAL DATA?

We try to ensure that we deliver the best levels of customer service but if you are not happy you should make contact with us in the first instance so that we can investigate your concerns. Please contact us using these details:

•            Post: SmartCredit Limited, Mayfield House, Lower Railway Road, Ilkley, LS29 8FL; OR

•            SmartSearch BV,  Strawinskylaan 1457,  107XX Amsterdam, The Netherlands; OR

•            SmartSearch US Inc, 3300 North Triumph Boulevard, 1st Floor, Lehi, UT 84043.USA

•            Email: dpo@smartsearch.com

•            Telephone: 0113 238 7660, +1 855 933 6265 or +31203082329

 

You also have the right to lodge a complaint with the relevant data protection authority.  In the UK you can do this online through the ICO’s website at www.ico.org.uk or by telephone on 0303 123 1113, or by writing to them at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF. In the Netherlands you can do this by writing to Dutch Data Protection Authority at Autoriteit Persoonsgegevens PO Box 93374 2509 AJ DEN HAAG The Netherlands or by telephone (+31) 70 888 85 00.

13. ADDITIONAL INFORMATION FOR CALIFORNIA STATE RESIDENTS

This section describes our collection, use, disclosure, sale, and sharing of the personal information of California residents. In this section, the terms “sell”, “share”, “business purpose” and “personal information” are defined by the California Consumer Privacy Act (the “CCPA”) and the California Privacy Rights Act (“CPRA”).

Section 9 above contains information on the rights you may have as a California resident. If you wish to exercise your rights, you may do so by getting in touch with us using the contact information made available in Section 12.

Your personal information is collected directly from interactions with end users and website visitors and from certain third parties and other sources (such as from publicly available sources where permissible).  Third party sources include service providers such as credit reference agencies, fraud detection agencies and registration or stockbroking industry exchanges, as well as social media services such as Google, LinkedIn and Facebook, or other commercially available sources. A full list of the categories of personal information and sensitive information that we process can be found in Section 2 and Section 11 above.

The personal information of California residents is only processed for the following business purposes:

·       Helping to ensure security and integrity to the extent the use of the consumer’s personal information is reasonably necessary and proportionate for these purposes.

·       Debugging to identify and repair errors that impair existing intended functionality.

·       Short-term, transient use, including, but not limited to, non-personalized advertising shown as part of a consumer’s current interaction with the business, provided that the consumer’s personal information is not disclosed to another third party and is not used to build a profile about the consumer or otherwise alter the consumer’s experience outside the current interaction with the business.

·       Performing services on behalf of the business, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of the business.

We do not sell or share the personal information of any California resident.

How long is your personal information retained?

We retain personal information in accordance with our retention policies. For more information on how long we retain personal information, see Section 7 and Section 11 above.

14. CHANGES TO THIS PRIVACY NOTICE

We review our use of your personal data regularly. In doing so, we can change what personal data we collect, how we keep it and what we do with it. As a result, we may change this Privacy Notice from time to time to keep it relevant and up to date.

Any changes will be immediately posted on our websites and we recommend that you check this page regularly to keep up to date. This Privacy Notice was last updated on 16th September 2024.

See it in action

Let one of our highly-trained sales team demonstrate the multi-award winning SmartSearch AML product

Get a free demo