31 March 2023
*PLEASE NOTE: If you are a user of our OneID® service, this privacy notice does not apply to you. The basis upon which we use all personal information in relation to users of the OneID® service is governed by a separate privacy notice, which can be found here.
This privacy notice explains the following about our use of personal information relating to our various external contacts* such as OneID® Trust Scheme participants, customers, suppliers, advisers, regulators, service providers etc:
Who we are
We are OneID® , a UK company whose mission is to help people prove who they are online in a safe and secure way, under their control and consent.
For the purpose of applicable data laws, we are the controller of the personal information processed for the purposes set out below.
Further details can be found on our website.
How you can check who we are
Enabling trust online is at the heart of what we do, and that starts with us as a company.
We are registered with:
Laws that govern what we do
We are committed to ensuring that your privacy is protected, and we comply with the relevant parts of the following laws:
What information do we collect about you?
We may collect, use, store and transfer different kinds of personal information about you depending upon the nature of our relationship, and we have grouped them together as follows with some examples:
We may also collect, use and share aggregated, anonymised data relating to use of our various Products and our business more generally for any purpose (“Stats”). These Stats may be derived from your personal information but are not considered personal data in law so long as they cannot be used directly or indirectly to reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific Product or feature and to identify which, and to analyse why, Products or features are over or under-used.
Generally speaking, we do not want or need to collect any special categories of personal information about you such as sexual orientation, political beliefs, health, genetic or biometric data. However, on rare occasions you may decide to provide us with information regarding you dietary requirements or health (eg in relation to our meetings or events which you attend), in which case we will only use it for the purpose for which you disclosed it to us.
Where we need to collect personal information by law, or under the terms of a contract we have with you or your company, and you fail to provide that information when requested, we may not be able to perform the contract we have, or are trying to enter into, with you or your company. In this case, we may have to cancel or refuse to provide a service or remove or deny access to a Product, but we will notify you if this is the case at the time.
How we collect your personal information
We use different methods to collect information from and about you, including:
Direct interactions. You may give us personal information by filling in forms or by corresponding with us by post, phone, email, through our various Products, via text and other messaging services, through social media (such as LinkedIn, Twitter, Facebook and Instagram), or otherwise. This includes personal information you provide when you:
Third parties or publicly available sources. We may receive or obtain various personal information about you from your company/employer/colleagues and various other third parties and public sources, including as set out below:
PLEASE NOTE: our systems and Products and your communications of any sort with us may be monitored/recorded for training, regulatory, security or quality control purposes and to help us generate our Stats.
What do we use your information for?
We may use personal information for the following purposes:
Depending on which of the above purposes we use your personal information for, we may process it on one or more of the following legal grounds:
How long do we keep your information for?
We wish to retain as little personal information as possible, for the shortest time we legitimately can. That generally means that we retain personal information whichever is the longest of the following:
· as long as is necessary to fulfil the purpose for which it was collected;
· to comply with legal, regulatory, accounting, audit, reporting and internal policy requirements – this will often require us to retain information for 7 years;
· for the establishment or defence of actual and/or anticipated legal claims; and
· as long as any other legitimate reason may require/justify
We will review the above from time to time. If there is no longer a reason for certain information to be retained, we will erase it securely, or in some cases anonymise it. We may use Stats and other anonymised information indefinitely without further notice.
We are committed to keeping your personal information secure. We have systems and processes to prevent unauthorised access or disclosure of your personal information – for example, we protect your personal information using varying levels of encryption.
We also make sure that any third parties that we deal with keep all personal information they process on our behalf secure. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
We will never sell your information
We will never sell and/or share your personal information with third parties for their own marketing purposes.
How we may use your information for marketing
If we ever use your personal information to provide you with marketing and promotional materials this will be because you have opted-in/subscribed, or because we have a legitimate interest in contacting you. Either way, you will always be able to opt out from receiving those materials in the future. This is in addition to your more general legal rights described below.
Why we may need to share your information, and who we might share it with
We may share your information with others where lawful to do so including where we or they:
We may also share your information with others where lawful to do so, including:
Transferring your information overseas
If we transfer personal information to countries outside the UK and/or EEA to countries that may not have the same level of data protection as the UK or EEA, we will only do so where appropriate safeguards are in place to enable us to legitimately and legally transfer data to them, such as: (i) transfers to countries with EEA/UK “adequacy” rulings; and/or (ii) where appropriate contractual (or other) arrangements are in place.
Your rights in relation to your information
Depending upon your exact circumstances, you have various rights, including the following:
More detailed information about your data protection rights can be found at the ICO here.
You will not normally have to pay a fee to access your personal information (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and confirm your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Links to third-party websites and services
How to contact us
If you would like more information or have questions about this privacy notice, please contact us via email or letter to:
If you have a concern about your information, please contact us first to help you resolve it. The ICO provides some guidance on how to do this here.
Changes to this privacy notice etc
This privacy notice supplements any other fair processing or privacy notice that may we may provide to you from time to time and we may change this privacy notice from time to time. When we do, we will also post an updated copy on our website at www.oneid.uk