top of page

Scytáles Privacy Policy

Scytáles’s Privacy Policy describes how Scytáles collects, uses, and shares your personal data.  In addition to this Privacy Policy, we provide information regarding privacy in our applications for features that ask to use your personal information.

Please read this Privacy Policy and contact us if you have any questions at [email protected].

Please note that this privacy policy adheres to the EU-U.S. DPF Principles and UK Extension to the EU-U.S. DPF Principles with regard to personal data transferred from the European Union and the United Kingdom.

Scytáles Protection of Personal Data

At Scytáles, we believe strongly in fundamental privacy rights, and that privacy rights should not differ based on where you live.  That’s why we treat any data that relates to an identified or identifiable individual or that is linked or linkable to them by Scytáles as “personal data,” no matter where the individual lives. This means that data that directly identifies you, such as your name, is personal data, as well as data that does not directly identify you, but can reasonably be used to identify you, such as your device serial number, is personal data. Aggregated data is considered non personal data for the purposes of this Privacy Policy.

This Privacy Policy covers how Scytáles or one of its subsidiaries (collectively, “Scytáles”) handles personal data however you interact with us.  Scytáles provides applications and services that allow for you to securely prove your identity using identification information provided from an issuer, such as a driver’s license issued by your state or country of residence (the “Issuer”) in order to interact with third parties either in-person or via websites (“Relying Parties,” or individually a “Relying Party”).  Scytáles’s applications may allow for interactions with third parties such as Relying Parties.  Scytáles may also link to third parties through our websites or applications. Scytáles’s Privacy Policy does not apply to how third parties, including Relying Parties, define personal data or how they use it. We encourage you to read their privacy policies and know your privacy rights before interacting with them.

Your app store (e.g., iTunes or Google Play) may collect certain information in connection with your use of the App, such as personal data, payment data, geolocational information, and other usage-based data.  We have no control over the collection of such information by a third-party app store, and any such collection or use will be subject to that third party’s applicable privacy policies.

Your Privacy Rights at Scytáles

At Scytáles, we respect your ability to know, access, correct, transfer, restrict the processing of, and delete your personal data. To exercise your privacy rights and choices including where a third-party service provider is acting on Scytáles’s behalf, contact us at [email protected].

You have the right to access the personal data that Scytáles holds and be able to correct, amend, or delete that information where it is inaccurate, or has been processed in violation of law, except where the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question, or where the rights of persons other than you would be violated.

There may be situations where we cannot grant your request—for example, if you ask us to delete your transaction data and Scytáles is legally obligated to keep a record of that transaction to comply with law. We may also decline to grant a request where doing so would undermine our legitimate use of data for anti-fraud and security purposes, such as when you request deletion of an account that is being investigated for security concerns. Other reasons your privacy request may be denied are if it jeopardizes the privacy of others, is frivolous or vexatious, or would be extremely impractical.

Protection of Personal Data at Scytáles

At Scytáles, we believe that your personal data deserves to be protected.  We use administrative, technical, and physical safeguards to protect your personal data in accord with international governmental and industry standards, taking into account the nature of the personal data and the processing, and the threats posed. We are constantly working to improve on these safeguards to help keep your personal data secure. When personal data is transmitted to Relying Parties, it is protected with encryption, such as Transport Layer Security (TLS) or Secure Sockets Layer (SSL) protocols.  The use of encryption technology means that only the Relying Party will be able to access your personal data, and only after you have consented to providing certain personal data to the Relying Party.  

To make sure your personal data is secure, we communicate our privacy and security guidelines to Scytáles employees and strictly enforce privacy safeguards within the company.

Personal Data Collected by Scytáles

At Scytáles, we strive to collect only the personal data that we need. The personal data Scytáles collects depends on how you interact with Scytáles. When you user our applications or activate a product or device, or otherwise interact with Scytáles, we may collect a variety of information, including:

Account Information. Your account identification information and related account details, including email address, devices registered, account status, and age.

Mobile Device Information. Data from which your mobile device could be identified, such as device serial number, or about your mobile device, such as browser type, type of mobile device, advertising identifier (“IDFA” or “AdID”), operating system and version, mobile carrier, network type (WiFi, 3G, 4G, LTE), and mobile device integrity information.

 

Contact Information. Data such as name, email address, physical address, phone number, or other contact information.

 

Payment Information. Data about your billing address and method of payment, such as bank details, credit, debit, or other payment card information.

Transaction Information. Data about purchases of Scytáles products and services or transactions facilitated by Scytáles, including purchases through Scytáles’s applications, websites and requests by third-parties, including Relying Parties, that you approve sharing your information with.

Usage Data. Data about your activity on and use of our offerings, such as product interaction, crash data, performance and other diagnostic data, and other usage data.

ID Data. Data from your identification documents, including government identification documents, including your name, e-mail address, physical address, phone number, driver’s license number and information, portrait image, date of birth and other information that the Issuer of such identification documents considers part of your identity record.

 

Cookies. We may use both session cookies, which expire once you close our application, and persistent cookies, which stay on your computer or mobile device until you delete them and other technologies to help us collect data and to enhance your experience with our offerings and applications. Cookies are small text files a browser or app can use to recognize a repeat visitor to our websites or applications. We may use cookies for various purposes, including to: (a) Customize for your type of mobile device; (b) personalize your experience; and (c) analyze which portions of our websites or applications are visited and used most frequently.  If you do not want us to deploy cookies in our websites or applications, you can opt out by setting your web browser and mobile device to reject cookies. You can still use our websites and applications if you choose to disable cookies, although your ability to use some of the features may be affected.

 

Other Information You Provide to Us. Details such as the content of your communications with Scytáles, including interactions with customer support.

You are not required to provide the personal data that we have requested. However, if you choose not to do so, in many cases we will not be able to provide you with our products or services or respond to requests you may have.

Personal Data from Other Sources

Scytáles may receive personal data about you from issuers of identification documents, including governmental identification documents, from businesses or third parties acting at your direction, from our partners who work with us to provide our products and services and assist us in security and fraud prevention, and from other lawful sources.

 

Issuers. With your permission, Scytáles may collect data about you from Issuers so that you can be provided with a mobile identification or mobile driver’s license (“mID/mDL”).

 

At Your Direction. You may direct other individuals or third parties to share data with Scytáles. For example, you may direct Relying Parties to share information with Scytáles regarding your request to prove your identity to such Relying Parties.

 

Scytáles Partners. We may also validate the information you provide with third parties for, for example for security and fraud-prevention purposes.

Scytáles’s Use of Personal Data

Scytáles uses personal data to provide our services, to process your transactions, to communicate with you, for security and fraud prevention, and to comply with law. We may also use personal data for other purposes with your consent.

Scytáles uses your personal data only when we have a valid legal basis to do so. Depending on the circumstance, Scytáles may rely on your consent or the fact that the processing is necessary to fulfill a contract with you, protect your vital interests or those of other persons, or to comply with law. We may also process your personal data where we believe it is in our or others’ legitimate interests, taking into consideration your interests, rights, and expectations. If you have questions about the legal basis, you can contact us at [email protected].

Provide Our Services. Scytáles collects personal data necessary to provide our services, which may include personal data collected to improve our offerings, for internal purposes such as auditing or data analysis, or for troubleshooting. For example, if you would like to keep your mID/mDL on your mobile device and use it to prove your identity to Relying Parties, we collect data from you and your Issuer in order to provide you with such service.

Process Your Transactions. To process transactions, Scytáles must collect data such as your name, purchase, and payment information.

Communicate with You. To respond to communications, reach out to you about your transactions or account, market our products and services, provide other relevant information, or request information or feedback. From time to time, we may use your personal data to send important notices, such as communications about purchases and changes to our terms, conditions, and policies.  Because this information is important to your interaction with Scytáles, you may not opt out of receiving these important notices.  You may, however, opt out of marketing or newsletter communications by either following the directions in the email or by contacting us at [email protected].

Security and Fraud Prevention. To protect individuals, employees, and Scytáles and for loss prevention and to prevent fraud, including to protect individuals, employees, and Scytáles for the benefit of all our users.

Comply with Law. To comply with applicable law, for example, to satisfy tax or reporting obligations, or to comply with a lawful governmental request.

In an ongoing effort to better understand our users, our applications, and our products and services, we may analyze certain personal data in anonymized and aggregate form to operate, maintain, manage, and improve the application and/or such products and services. This aggregate information does not identify you personally. We may share and/or license this aggregate data to our affiliates, agents, business partners, Issuers, and other third parties. We may also disclose aggregated user statistics to describe the application and these products and services to current and prospective business partners and investors and to other third parties for other lawful purposes.

We will not sell, rent, or lease your personal data. We will not make your personal data available to other third parties except as set forth herein.

Scytáles will retain your personal data that we have collected during the time that you are a customer or are doing business with Scytáles, and for a period of two years thereafter, unless you opt-out of our doing so either via the in application prompts, or by contacting us at [email protected].

Scytáles’s Sharing of Personal Data

Scytáles may share personal data with Scytáles-affiliated companies, service providers who act on our behalf, our partners, Issuers, others at your direction, or as required. Scytáles does not share personal data with third parties for their own marketing purposes. 

Service Providers. Scytáles may engage third parties to act as our service providers and perform certain tasks on our behalf, such as processing or storing data, including personal data, in connection with your use of our services and delivering products to customers. Scytáles service providers are obligated to handle personal data consistent with this Privacy Policy and according to our instructions. They cannot use the personal data we share for their own purposes and must delete or return the personal data once they've fulfilled our request.

Partners. At times, Scytáles may partner with third parties to provide services or other offerings. For example, in order to provide security verification, Scytáles may work with partners for liveness verification.  Scytáles requires its partners to protect your personal data.

Issuers.  Scytáles may share personal data with the Issuers of the identification documents that enable you to access the mID/mDL, such as if you request that we notify your driver’s license issuing authority with an update of your current address. 

Others. others at your direction or with your consent, such as when you request that we share certain identification information with third parties in order to verify your identity. 

As Required.  We may also disclose information about you if we determine that for purposes of law enforcement or other issues of public importance, disclosure is necessary or appropriate. We may also disclose information about you in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.  We may also disclose information about you where there is a lawful basis for doing so, if we determine that disclosure is reasonably necessary to enforce our terms and conditions or to protect our operations or users, or in the event of a reorganization, merger, or sale.

When sharing personal data with third parties (other than public authorities), Scytáles does so by contract and ensures that such data is only processed for the limited and specific purposes consistent with the consent provided, as well as with the same levels of protection as Scytáles itself would provide.  Scytáles accepts that, in certain circumstances, it may be accountable and liable for a failure by the third party to protect such personal data.

You have the opportunity to choose whether your personal data is disclosed to a third party so long as such a third party is not acting as an agent of Scytáles to perform tasks on behalf of and under the instruction of Scytáles.  You may do so either via the in-app prompts, or by contacting us at [email protected]

Children and Personal Data

Scytáles offerings are not directed to children under the age of 13. We will not knowingly collect any personal data from any child under the age of 13. We ask that minors (under the age of 13) not use our applications or services. If a child under the age of 13 has provided us with personal data, a parent or guardian of that child may contact us and request that such information be deleted from our records.

Transfer of Personal Data Between Countries

In order to be able to provide international identity verification, your personal data may be transferred to or accessed by entities around the world, including Scytáles-affiliated companies, to perform processing activities such as those described in this Privacy Policy in connection with your use of our products and services.  Please review our Terms of Use regarding the international use of our offerings and applications.

Scytáles complies with laws on the transfer of personal data between countries to help ensure your data is protected, wherever it may be.  The Scytáles entity that controls your personal data may differ depending on where you live. Personal data relating to individuals in the European Economic Area, the United Kingdom, and Switzerland is controlled by Scytáles AB in Sweden.

Scytáles Inc., in the United States, complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, as set forth by the U.S. Department of Commerce. Scytáles Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/ .

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Scytáles Inc. commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF in the context of the employment relationship.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Scytáles Inc. commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.

Scytáles Inc. is subject to the investigatory and enforcement powers of the United States Federal Trade Commission (FTC).  Under certain conditions, you may be able to invoke binding arbitration against Scytáles Inc.  You can do so by following the procedures and conditions set forth in Annex I to the EU-U.S. DPF, available at https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction

Privacy Questions

If you have questions about Scytáles’s Privacy Policy or privacy practices including where a third-party service provider is acting on our behalf, you can contact us at [email protected]. You can also ask us questions about how to submit a privacy complaint and we will endeavor to help.

Changes to Our Privacy Policy

We may change this Privacy Policy from time to time. Any such changes will be posted on our website. By accessing our offerings and applications after we make any such changes to this Privacy Policy, you are deemed to have accepted such changes.

 

Last Revised: 26 August 2024

bottom of page