Privacy Policy

DTIS Privacy Policy Effective as of 6 December 2013
This Privacy Policy describes the privacy practices regarding how DTIS handles your personal information while using its identity authentication services, its mobile application, and its Web site www.daontis.com.

Consent

By Enrolling as a Subscriber and using the Service you as an individual hereby explicitly consent to your Subscriber Data being used, transferred and accessed as set down in this privacy policy. You certify that this consent is freely given. If you do not consent then do not enroll or use the Service.

Daon Trusted Identity Services has been awarded TRUSTe's Privacy Seal signifying that this privacy policy and our practices have been reviewed by TRUSTe for compliance with TRUSTe's program requirements including transparency, accountability and choice regarding the collection and use of your personal information. TRUSTe's mission, as an independent third party, is to accelerate online trust among consumers and organizations globally through its leading privacy trustmark and innovative trust solutions. If you have questions or complaints regarding our privacy policy or practices, please contact us at support@daon.com. If you are not satisfied with our response you can contact TRUSTe here. The TRUSTe certification only covers information collected through our mobile application and our site www.daontis.com.

DTIS complies with the U.S. - E.U. Safe Harbor framework and the U.S. - Swiss Safe Harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from European Union member countries and Switzerland. DTIS certifies that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view DTIS certification, please visit http://www.export.gov/safeharbor.

1. Information Collected
On behalf of our customers ("Relying Parties") DTIS authenticates the identity of individuals ("Subscribers"/"you"), using a unique credential ("the Service").

If a Subscriber consent in each instance, DTIS may use a Subscriber's unique credential to authenticate the Subscriber to more than one Relying Party.

To enable DTIS to provide the Service, Subscribers must enroll into the DTIS system using the DTIS Web site ("Enrollment"). During Enrollment DTIS requires Subscribers to provide DTIS with personal contact information, such as their name, phone number, and email address ("Required Contact Information").

In addition, DTIS requires Subscribers to provide DTIS with certain biometric information, namely 'voice prints' and a facial image ("Biometric Information"). This information will be collected both on the Web site during Enrolment, and using the mobile application, to complete an authentication request from a Relying Party.

Further, as part of the Enrollment and authentication processes DTIS may collect information such as Subscriber's IP address, geographic location, mobile device ID and other related attributes required to provide the Service ("Device Information"). A Subscriber may turn off geographic location at device level at any time. However, DTIS may no longer be able to authenticate a Subscriber without geographic location to a Relying Party that requires same.

Required Contact Information, Biometric Information and Device Information are referred to collectively as "Subscriber Data".

2. Use of Information Collected
DTIS uses Subscriber Data solely to perform the Service and to contact Subscribers with information regarding the Service. This may include using collected data to test new authentication algorithms or policies, to improve the Service over time.

3. Sharing of Information Collected
DTIS does not share Subscriber Data with third parties other than as described in this privacy policy. DTIS does not share, sell, rent, or trade to third parties any information provided for promotional, marketing or any other commercial purposes.

DTIS may provide Subscriber Data to companies that provide services to help us with our business activities such as processing payments, customer service. and preventing or addressing service or technical problems. These companies are authorized to use your Subscriber Data only as necessary to provide these services to us.

DTIS reserves the right to use or disclose Subscriber Data if required by law, such as to comply with a subpoena, judicial proceeding, court order, or other legal process or if DTIS reasonably believes that use or disclosure is necessary to protect the DTIS's rights, protect your safety or the safety of others.

If DTIS is involved in a merger, acquisition, or sale of all or a portion of our assets, Subscribers will be notified via email and/or prominent notice on DTIS's Web site of any change in ownership or uses of Subscriber Data, as well as any choices they may have regarding their Subscriber Data.

4. International Transfer of Information Collected
DTIS is a global company and our Service operates and is provided globally. DTIS may collect, transfer and access Subscriber Data from around the world, including the United States and the European Union. Subscriber Data may be stored in a hosted data center in the United States or other locations. This privacy policy shall apply to Subscriber Data wherever it is located.

5. Unsubscribing from the Service or Changing Account Information
You may unsubscribe from the Service or change or delete inaccuracies within your account information on-line or by emailing support@daontis.com. We use a secure protocol to ensure that only the registered owner of an account can request such changes. We will respond to your access request within 30 days.

We will retain your Subscriber Data for as long as your account is active and you consent to use the Service. If you wish to cancel your account or request that we no longer use your Subscriber Data to provide the Service contact us at support@daontis.com. On cancellation, we will retain and use your Subscriber Data only as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

When you unsubscribe your unique credential will no longer be valid for use with any Relying Party and you will need to make arrangements with each Relying Party you interact with for an alternate form of authentication.

6. Security
DTIS uses security measures to protect Subscriber Data from unauthorized access, maintain data accuracy and to help ensure the appropriate use of Subscriber Data. These security measures include data encryption and digital signatures to ensure the continuing integrity of that data (as well as to evidence any tampering with the data), firewalls, intrusion detection systems, 24 x 7 physical protection of facilities where data is stored, background checks (as permitted by law) for personnel that access physical facilities, and strong security procedures across all service operations. These measures help ensure that Subscriber Data is safe, secure, and only available to the Subscriber to whom the information belongs and those to whom the Subscriber has granted access. Subscribers are responsible for maintaining the security and confidentiality of their DTIS PINS, passwords, or any other "secret" information used as part of the authentication process. We encrypt the transmission of all Biometric Information as well as geographic location using widely-recognized industry best-standard security technologies and procedures.

7. Cookies
A cookie is a small text file that is stored on a user's computer for record-keeping purposes. We use cookies on the DTIS Web site. We do not link the information we store in cookies to any Subscriber Data you submit while on our site.

We use both session-ID cookies and persistent cookies. We use session-ID cookies to make it easier for you to navigate our site. A session-ID cookie expires when you close your browser. A persistent cookie remains on your hard drive for an extended period of time. The use of persistent cookies by third parties is not covered by our privacy policy. We do not have access to or control over the use of these cookies.

8. Mobile Analytics
We use mobile analytics software to allow us to better understand the functionality of our software on your phone. This software may record information such as how often you use the DTIS application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. We do not link the information we store within the analytics software to Subscriber Data.

9. Clear Gifs (Web Beacons/Web Bugs)
Our third party tracking technology partner employs a software technology called clear gifs (a.k.a. Web Beacons/Web Bugs), that help us better-manage content on our Web site by informing us what content is effective. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of Web users. In contrast to cookies, which are stored on a user's computer hard drive, clear gifs are embedded invisibly on Web pages and are about the size of the period at the end of this sentence. We do not link the information gathered by clear gifs to Subscriber Data.

10. Links to Other Sites
The DTIS Web site and application contain links to other sites that are not owned or controlled by us. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage you to be aware when you leave our site and to read the privacy policies of each and every Web site that collects personally identifiable information. This privacy policy only applies to how DTIS handles your personal information while using its identity authentication services, its mobile application, and its Web site.

11. Social Media Widgets
Our Web site includes Social Media Features, such as the Facebook 'Like' button (and Widgets, such as the 'Share this' button or interactive mini-programs that run on our site) ("Features"). These Features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable a Feature to function properly. Features are either hosted by a third-party or hosted directly on our Web site. Your interaction with a Feature is governed by the privacy policy of the company providing it.

12. Changes to this Privacy Policy
DTIS reserves the right to change this privacy policy. DTIS will provide notification of any material changes to this privacy policy through a prominent notice on DTIS's Web site at least thirty (30) business days prior to the change taking effect.

13. Contacting Us
Questions regarding this privacy policy or the information practices of the Service, the DTIS mobile application or Web site should be directed to support@daontis.com or:

DTIS
601 Madison Street
Suite 200
Alexandria, VA 22314
703-824-0500