Version 1.2 - Last updated 8th April 2020
Keeping your data secure and maintaining your privacy is a significant responsibility and one that we take very seriously. We’ve written this policy to help you understand “what” personal information we collect, “how” we process it, “where” it is stored and how you can access or request deletion of your personal data.
When we refer to “Personal Data” we mean any data held on our system that directly or indirectly identifies an individual. This includes information that you have entered onto the system or have granted access to via a third-party integration.
We may also collect Personal Data about you in relation to how you use your account, i.e. where you are logging in from, how often you log in and what specific features you routinely use. This helps us to tailor your user experience and enhance security.
We comply with current UK Data Protection Legislation which implements the European Community’s Directive 95/46/EC and Directive 2002/58/EC, including, but not limited to, the DPA and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
As of 25th May 2018 this incorporates Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (“GDPR”).
Information you provide
This includes the Personal Data you provide, or somebody else provides on your behalf when completing any of the following activities:
- Registering a new ML Verify or Forum account
- Submitting information or uploading data within a ML Verify or Forum account
- Subscribing to a mailing list, including when you register a new account
- Ordering a standalone product or service
- Initiating a support request or submitting information on our “contact us” form.
- Completing a product referral form
- Completing an online survey or questionnaire
The information may include the following types of direct or indirect Personal Data:
- Your name
- Your contact information (e.g. phone, email, address etc)
- Employee details
- Personal Data contained within receipts and invoices
- Personal Data contained within uploaded files
- Personal Data contained within bank account transactions or other merchant service transactions
Our service is not intended for anyone under the age of sixteen, and we do not knowingly collect or solicit personal data pertaining to children. In the event we have collected and identified data for anybody under the age of sixteen without parental consent, we will proceed to delete this information as quickly as possible.
ML Verify do not collect or process special categories of personal data, as defined under GDPR.
Information we collect
We also collect information about how you use your account, this helps us to deliver a more customised user experience, identify trends and improve security. Some of this data may be “Personal Data”, in cases where it can be used to identify a person. Here is the information we collect and how it is used:
- Login dates and IP addresses - This allows us to understand how you are using ML Verify and identify unusual access patterns.
- Account usages statistics - This includes things like how much time you spend on the website and which features you use. This helps us to optimise your user experience and make you aware of specific features that may be of interest to you.
- Website traffic - This includes general information on how you found our website, which referring site you arrived from (e.g. Google, Facebook etc), and what device or browser you are using. This helps us to improve our marketing strategies and tailor our website for different devices.
- Order history - This information includes a record of any orders you place. This helps us to fulfil our obligations to you and provide accurate records when requested.
- Email opens and bounces - We track when the emails we send are opened or bounced. This allows us to optimise our mailing list by delisting addresses that are inactive or unresponsive.
Information provided to us by third-parties
In some cases we may receive Personal Data that has been passed to us by a third-party such as a payment processor or bank. This information is only received when you explicitly consent to share your information with us.
Personal Data you enter into ML Verify
In addition to your Personal Data, you may also enter Personal Data of other individuals into the ML Verify website. This can include name, date of birth, address, nationality and personal documents.
The Personal Data you provide ML Verify is used as part of the service we offer you, in order to help you meet your AML obligations, including through document verification, electronic identity verification (eIDV), generate reports and deliver other functionality you would expect from us as a compliance software platform. We will not pass this information onto any third-party without your consent.
In order to safeguard your information we ask that you take great care to ensure your password remains private and take all reasonable steps to protect your account from unauthorised access. We also ask that when providing the Personal Data of others, that you do so with full consent and in accordance with current Data Protection Legislation.
How we use your Personal and Financial Data
In this section we explain how your Personal Data, and the Personal Data entered into your account, is used by ML Verify.
To provide a service
First and foremost your Personal Data and the Personal Data of others will be used to provide you with a stable and reliable service. We will use the data to provide you access to the ML Verify service and from time to time to contact you by email, SMS, post, phone or social media concerning your account or any related matters that may be of interest to you. We will not contact individuals who do not hold an account with us, unless requested (including, but not limited to, a request to supply documents).
You may elect to use a third-party Marketplace Application to provide additional functionality for your account. Your data will only be shared with your explicit consent, although we do ask that you carry out appropriate due diligence before granting any third-party access to your account.
To improve our service
We will use your Personal Data and the Personal Data of others that you’ve input, to improve our service to you. This can be through administering support, tracking feature usage, collaborating on beta development or resolving bugs. We may from time to time rely on trusted outsourcing partners to help with some of these tasks. In such cases, we will always perform thorough risk assessment and establish strong privacy controls for any outsourcing partner.
To monitor trends
We collect anonymised data about how people use the ML Verify website. This includes collecting information on the number of visitors, what pages or features are accessed, which country visitors are connecting to the website from, browser types, display size and average viewing times. We may occasionally share this anonymised data with our community, although we will never include specific Personal Data here or any information that would identify you or your business.
Keeping you informed
We will occasionally contact you by email, SMS, post, telephone or social media to let you know about new features, forthcoming changes and relevant industry news. You reserve the right to opt-out from this type of correspondence at any time. You can either click the unsubscribe link or contact us and we will arrange that for you immediately.
We may also send you non-promotional notifications to update you on specific activity or events in your account. This may include when one of your clients uploads a documents or completes a KYC check that you have sent. It may also include reminders relating to your subscription or account status. If you prefer not to receive these types of notifications, we ask you to close your ML Verify account.
Exporting your Data
Upon request, we can provide you with an export of your Personal Data and the Personal Data of others that you have entered, in a universal machine-readable format. These may be delivered instantly or emailed to the account administrator, depending on the file size and the time taken to generate the export. These exports may, upon request, include any documents and images uploaded to your account. Due to the multi-tenanted design of our software, we are unable to restore your account to a specific point-in-time from a previously issued data export.
Deleting your Data (Right to Erasure)
Upon request, we will physically delete all Personal Data entered into your account. This can be instructed from the Account Settings section in your account, under the option “Close or Wipe your account”.
Under the provisions of Article 17 of the GDPR Legislation, you also have the right to request that any Personal Data (Notwithstanding those exemptions listed under Article 17, Paragraph 3) be permanently deleted. Upon receipt of such a request, we will take all reasonable steps to ensure that this is completed in an expeditious manner.
Depending on your jurisdiction you will likely be obligated to retain all business accounting records for a set period of time. We advise you to execute a backup of your account before instructing any deletion of your Data. Once we have received a request to delete your data we will be unable to reverse this process.
We don’t store credit or debit card details
We use a third-party payment processor (Stripe, Inc) to collect credit and debit card payments for payments, subscriptions and related products and services. We never directly collect or store payment card information on our servers.
Other ways in which we may share your data
In this section we explain a number of other circumstances in which we may share your Personal Data or the Personal Data entered into your account.
Third-party web services
In some cases it will be necessary to share Personal Data with a third-party web service you have authorised to work with your ML Verify account. This may be something like passing Personal Data to a third-party payment processor for services such as electronic identity verification.
In these cases data will be shared only on the basis that you have provided explicit consent and that you have completed the necessary authorisation for us to pass data to each of these web services. When we work with a third-party web service in this way, we always make sure that your data is only sent over a secure encrypted connection.
In order to provide a robust and reliable service, we depend on a number of cloud service providers to carry out key operations within our business. This includes things like document storage, payment processing, email processing, marketing assistance, social media management and website security.
Whenever we entrust your data with an outsourcing partner, we always carry out thorough due diligence and ongoing monitoring to ensure that appropriate privacy controls are in place and maintained at all times.
Sale of business assets
We reserve the right to share Personal Data with a prospective buyer of business assets. This would be subject to the terms of a Non Disclosure Agreement.
Law enforcement disclosures
We reserve the right to share Personal Data with law enforcement agencies, if the restriction of such information may prejudice an investigation into unlawful activity. Such exemptions will be sought under current Data Protection Legislation and ML Verify will have no legal liability for such disclosures.
Keeping your data secure
We recognise the responsibility to ensure that your data is kept safe and secure at all times. We will ensure that whenever your Personal Data, or the Personal Data of others stored in your account, is passed to and from our servers, that it is done so on a secure, encrypted connection. This may be when you are accessing data on the Website or when we are required to exchange data with third-party services. You can read more about our data security policies here.
We also ask that you ensure your password remains private and take all reasonable steps to protect your account from unauthorised access. We highly recommend setting up 2-factor authentication to further increase the security on your account.
You own all of the Data you enter into ML Verify. More specifically we recognise the owner of an account and the data contained therein as the individual or entity that controls access to the email supplied as part of your login credentials.
In cases where a dispute arises between personnel within your organisation or a third-party, we will play no role in arbitrating such disputes and will acknowledge the email owner as the account holder.
Should a dispute over account ownership arise, we ask that you resolve this by establishing control over the ML Verify login email address via your hosting company or IT service provider. When you have relinquished control over the login email address, you may then proceed to initiate a password reset to regain access to an account.
You have the right to unsubscribe from any promotional materials that we may send from time to time, by way of email, SMS, post, phone or any other medium. You will also receive general notifications about account activity such as when an invoice is paid by your client or when a subscription is due for renewal. If you would also wish to cease receiving this type of correspondence we ask that you close your ML Verify account.
Right to Erasure - You have the right to request that your Personal Data is deleted (notwithstanding those exemptions allowed under GDPR and the current UK DPA). You will be able to request removal of all applicable Personal Data and Financial Data from the “Close or Wipe your Account” section within your account.
Right to Rectification - You have the right to request that any incorrect Personal Data we hold about you is corrected if that information is inaccurate or incomplete. If you are unable to make the necessary rectification from within your account please contact us.
Right to Data Portability - You have the right to request a machine-readable export of all Personal Data we hold about you. This will be delivered as a ZIP file containing multiple CSV files.
Right to Object - In certain circumstances, you may object to our processing of your personal data. If you wish to lodge an objection, then please contact us.
Right to restrict processing - You can request that we restrict the processing of personal data we hold about you in certain circumstances. If you wish to lodge such a request, then please contact us.
Right to lodge a complaint - You have the right to make a complaint about our data processing activities to a supervisory authority. In the UK this is the Information Commissioner’s Office (ICO). Further details can be found on their website at https://ico.org.uk. We do however ask that you first contact us with any concerns you may have before you escalate a complaint.
Where you, in turn, are acting as a Data Controller, we will endeavour to make all reasonable efforts to assist you in the identification, rectification, extraction, or deletion of any Personal Data you have provided to us in the capacity of a data processor.
For the purpose of current Data Protection Legislation, the Data Controller is ML Verify Ltd.