Privacy Policy
DTIS Privacy Policy Effective as of 6 December
2013
This Privacy Policy describes the
privacy practices regarding how DTIS handles your personal
information while using its identity authentication services,
its mobile application, and its Web site www.daontis.com.
Consent
By Enrolling as a Subscriber and using the Service you as an individual hereby explicitly consent to your Subscriber Data being used, transferred and accessed as set down in this privacy policy. You certify that this consent is freely given. If you do not consent then do not enroll or use the Service.
Daon Trusted Identity Services has been awarded TRUSTe's Privacy Seal signifying that this privacy policy and our practices have been reviewed by TRUSTe for compliance with TRUSTe's program requirements including transparency, accountability and choice regarding the collection and use of your personal information. TRUSTe's mission, as an independent third party, is to accelerate online trust among consumers and organizations globally through its leading privacy trustmark and innovative trust solutions. If you have questions or complaints regarding our privacy policy or practices, please contact us at support@daon.com. If you are not satisfied with our response you can contact TRUSTe here. The TRUSTe certification only covers information collected through our mobile application and our site www.daontis.com.
DTIS complies with the U.S. - E.U. Safe Harbor framework and the U.S. - Swiss Safe Harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from European Union member countries and Switzerland. DTIS certifies that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view DTIS certification, please visit http://www.export.gov/safeharbor.
1. Information Collected
On behalf of
our customers ("Relying Parties") DTIS authenticates the
identity of individuals ("Subscribers"/"you"), using a unique
credential ("the Service").
If a Subscriber consent in
each instance, DTIS may use a Subscriber's unique credential to
authenticate the Subscriber to more than one Relying Party.
To enable DTIS to provide the Service, Subscribers must enroll
into the DTIS system using the DTIS Web site ("Enrollment").
During Enrollment DTIS requires Subscribers to provide DTIS with
personal contact information, such as their name, phone number,
and email address ("Required Contact Information").
In
addition, DTIS requires Subscribers to provide DTIS with certain
biometric information, namely 'voice prints' and a facial image
("Biometric Information"). This information will be collected
both on the Web site during Enrolment, and using the mobile
application, to complete an authentication request from a
Relying Party.
Further, as part of the Enrollment and
authentication processes DTIS may collect information such as
Subscriber's IP address, geographic location, mobile device ID
and other related attributes required to provide the Service
("Device Information"). A Subscriber may turn off geographic
location at device level at any time. However, DTIS may no
longer be able to authenticate a Subscriber without geographic
location to a Relying Party that requires same.
Required Contact Information, Biometric Information and Device Information are referred to collectively as "Subscriber Data".
2. Use of Information Collected
DTIS
uses Subscriber Data solely to perform the Service and to
contact Subscribers with information regarding the Service. This
may include using collected data to test new authentication
algorithms or policies, to improve the Service over time.
3. Sharing of Information Collected
DTIS
does not share Subscriber Data with third parties other than as
described in this privacy policy. DTIS does not share, sell,
rent, or trade to third parties any information provided for
promotional, marketing or any other commercial purposes.
DTIS may provide Subscriber Data to companies that provide services to help us with our business activities such as processing payments, customer service. and preventing or addressing service or technical problems. These companies are authorized to use your Subscriber Data only as necessary to provide these services to us.
DTIS reserves the right to use or disclose Subscriber Data if required by law, such as to comply with a subpoena, judicial proceeding, court order, or other legal process or if DTIS reasonably believes that use or disclosure is necessary to protect the DTIS's rights, protect your safety or the safety of others.
If DTIS is involved in a merger, acquisition, or sale of all or a portion of our assets, Subscribers will be notified via email and/or prominent notice on DTIS's Web site of any change in ownership or uses of Subscriber Data, as well as any choices they may have regarding their Subscriber Data.
4. International Transfer of Information
Collected
DTIS is a global company and our Service
operates and is provided globally. DTIS may collect, transfer
and access Subscriber Data from around the world, including the
United States and the European Union. Subscriber Data may be
stored in a hosted data center in the United States or other
locations. This privacy policy shall apply to Subscriber Data
wherever it is located.
5. Unsubscribing from the Service or Changing
Account Information
You may unsubscribe from the Service
or change or delete inaccuracies within your account information
on-line or by emailing support@daontis.com. We use a secure
protocol to ensure that only the registered owner of an account
can request such changes. We will respond to your access request
within 30 days.
We will retain your Subscriber Data for as long as your account is active and you consent to use the Service. If you wish to cancel your account or request that we no longer use your Subscriber Data to provide the Service contact us at support@daontis.com. On cancellation, we will retain and use your Subscriber Data only as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
When you unsubscribe your unique credential will no longer be valid for use with any Relying Party and you will need to make arrangements with each Relying Party you interact with for an alternate form of authentication.
6. Security
DTIS uses security measures
to protect Subscriber Data from unauthorized access, maintain
data accuracy and to help ensure the appropriate use of
Subscriber Data. These security measures include data encryption
and digital signatures to ensure the continuing integrity of
that data (as well as to evidence any tampering with the data),
firewalls, intrusion detection systems, 24 x 7 physical
protection of facilities where data is stored, background checks
(as permitted by law) for personnel that access physical
facilities, and strong security procedures across all service
operations. These measures help ensure that Subscriber Data is
safe, secure, and only available to the Subscriber to whom the
information belongs and those to whom the Subscriber has granted
access. Subscribers are responsible for maintaining the security
and confidentiality of their DTIS PINS, passwords, or any other
"secret" information used as part of the authentication process.
We encrypt the transmission of all Biometric Information as well
as geographic location using widely-recognized industry
best-standard security technologies and procedures.
7. Cookies
A cookie is a small text file
that is stored on a user's computer for record-keeping purposes.
We use cookies on the DTIS Web site. We do not link the
information we store in cookies to any Subscriber Data you
submit while on our site.
We use both session-ID cookies
and persistent cookies. We use session-ID cookies to make it
easier for you to navigate our site. A session-ID cookie expires
when you close your browser. A persistent cookie remains on your
hard drive for an extended period of time. The use of persistent
cookies by third parties is not covered by our privacy policy.
We do not have access to or control over the use of these
cookies.
8. Mobile Analytics
We use mobile
analytics software to allow us to better understand the
functionality of our software on your phone. This software may
record information such as how often you use the DTIS
application, the events that occur within the application,
aggregated usage, performance data, and where the application
was downloaded from. We do not link the information we store
within the analytics software to Subscriber Data.
9. Clear Gifs (Web Beacons/Web Bugs)
Our
third party tracking technology partner employs a software
technology called clear gifs (a.k.a. Web Beacons/Web Bugs), that
help us better-manage content on our Web site by informing us
what content is effective. Clear gifs are tiny graphics with a
unique identifier, similar in function to cookies, and are used
to track the online movements of Web users. In contrast to
cookies, which are stored on a user's computer hard drive, clear
gifs are embedded invisibly on Web pages and are about the size
of the period at the end of this sentence. We do not link the
information gathered by clear gifs to Subscriber Data.
10. Links to Other Sites
The DTIS Web
site and application contain links to other sites that are not
owned or controlled by us. Please be aware that we are not
responsible for the privacy practices of such other sites. We
encourage you to be aware when you leave our site and to read
the privacy policies of each and every Web site that collects
personally identifiable information. This privacy policy only
applies to how DTIS handles your personal information while
using its identity authentication services, its mobile
application, and its Web site.
11. Social Media Widgets
Our Web site
includes Social Media Features, such as the Facebook 'Like'
button (and Widgets, such as the 'Share this' button or
interactive mini-programs that run on our site) ("Features").
These Features may collect your IP address, which page you are
visiting on our site, and may set a cookie to enable a Feature
to function properly. Features are either hosted by a
third-party or hosted directly on our Web site. Your interaction
with a Feature is governed by the privacy policy of the company
providing it.
12. Changes to this Privacy Policy
DTIS
reserves the right to change this privacy policy. DTIS will
provide notification of any material changes to this privacy
policy through a prominent notice on DTIS's Web site at least
thirty (30) business days prior to the change taking effect.
13. Contacting Us
Questions regarding
this privacy policy or the information practices of the Service,
the DTIS mobile application or Web site should be directed to
support@daontis.com or:
DTIS
601 Madison Street
Suite 200
Alexandria, VA 22314
703-824-0500