SCOPE
This Privacy Policy applies to Personal Data (defined below) processed by Civic Technologies, Inc. (“Civic,” “we,” “us,” and “our”) in the course of providing our digital identity services, as collected from Civic’s website (located at https://www.civic.com/ and https://www.civic.id/), developer docs (located at https://docs.civic.com/), user platforms (located at https://www.civic.me/ and https://www.getpass.civic.com) (together, the “Site”) and iOS and Android apps (the “Apps”), and our related online service offerings (collectively with the “Site” and the “Apps”, the “Services”). For more information about our data practices related to Civic Pass and other passes available through Civic, please see the privacy policies available on the relevant service.
This Privacy Policy explains what Personal Data we collect, how we use and share that data, and your choices concerning our data practices.
Before using the Services or submitting any Personal Data to us, please review this Privacy Policy carefully and contact us at privacy@civic.com if you have any questions. By using the Services, you agree to the practices described in this Privacy Policy. If you do not agree to this Privacy Policy, you may not access or use the Services.
PERSONAL DATA WE COLLECT
When you use our Services, we collect information that alone or in combination with other information in our possession personally identifies you (“Personal Data”). The Personal Data collected during these interactions may vary based on what you choose to share with us, which Services you choose to use, and whether you create an account, but it will generally include:
Information You Provide to Us.
Contact Information. We will collect your name, email address, phone number, username, and other information.
Selfie Images. We ask you to submit selfie images to verify your identity and provide our Services.
Identity Information. Civic allows you to store various forms of identification or identification documents and information via the Services. This may include your government-issued identification documents (e.g., passport, driver’s license), Social Security number, and other similar documents and information. Civic will also collect Personal Data contained in these documents (e.g., birthdate, gender, address, government-issued identifiers, etc.).
Biometric Information. We and our service providers may use facial recognition technology to extract biometric information contained in facial images that you provide to the Services. For example, we may compare the face on your government-issued photo ID against a selfie that you provide to us. We use this biometric information for identity verification and fraud prevention.
By accepting our Terms of Service and Privacy Policy and providing us with your selfies and your identification documents, you consent to the extraction and processing of the biometric data contained therein as set forth in this Privacy Policy and our Biometric Privacy Notice.
Civic utilizes identity verification services provided by Onfido. Onfido’s collection and use of information is described in Onfido Facial Scan Policy and Release (available at https://onfido.com/facial-scan-policy-and-release/); Onfido Privacy Policy (available at https://onfido.com/privacy/); and Onfido Terms of Service (available at https://onfido.com/terms-of service/). In addition, Civic partners with a range of innovative companies to provide services to you (the “Third-Party Services”). From time to time such Third-Party Services may collect additional or different types of Personal Data from you. If you decide, at your discretion, to provide such Personal Data to any provider of Third-Party Services, you acknowledge and agree that you are bound by the respective privacy policies and terms of service of such Third-Party Services.
Wallet Information. In order to provide the Services, we may need to provide you with a wallet address (also referred to as a “public address”) or ask you for your existing wallet address(s). As you use the Services, we will also collect information about your wallet including the types and amounts of currencies (as applicable) and details about transactions.
Financial Account / Payment Information. We may work with Third-Party Services as applicable to obtain information from financial institutions and allow you to process financial transactions. All financial account and/or payment card information necessary to complete a transaction is provided directly to the Third-Party Services and is not stored by us. In addition to this Privacy Policy and our Terms of Service, the information shared with Third-Party Services is also processed according to Third-Party Services’ services agreement and privacy policy.
Communications with Us. We may collect Personal Data from you such as email address, phone number, or mailing address when you request information about our Services, sign up for our newsletter, request customer or technical support, or otherwise communicate with us.
Customer Service and Support. If you interact with Civic’s customer service and support, we may collect the information you provide to our representatives.
Interactive Features. Civic may offer interactive features such as commenting functionalities, forums, chat services, and social media pages. Civic and other individuals who use our Services may collect the information you submit or make available through these interactive features. Any information shared on the public sections of these channels will be considered “public” and may not be subject to the privacy protections referenced herein.
Conferences, Trade Shows, and Other Events. We may attend conferences, trade shows, and other events where we collect Personal Data from individuals who interact with or express an interest in Civic and/or the Services. If you provide us with any information at one of these events, we will use it for the purposes for which it was collected.
Surveys. We may contact you to participate in surveys. If you decide to participate, you may be asked to provide certain information which may include Personal Data.
Information We Collect Through Your Use of the Services.
We may collect certain information automatically when you use the Services. This information may include your Internet protocol (IP) address, user settings, IMEI, MAC address, Technologies including cookie identifiers, mobile advertising and other unique identifiers, mobile carrier, details about your browser, operating system or device, access times, location information (including inferred location based off your IP address), Internet service provider, pages that you visit before, during and after using the Services, information about the links you click, and other information about how you use the Services. Information we collect may be associated with your account and the devices you use.
Cookies, Web Beacons, and Personalized Advertising. We, as well as third parties that provide content, advertising, or other functionality on the Services, may use cookies, pixel tags, local storage, and other technologies (“Technologies”) to automatically collect information through the Services. Technologies are essentially small data files placed on your device that allow us and our partners to record certain pieces of information whenever you visit or interact with the Services.
Cookies. Cookies are small text files placed in visitors’ device browsers to store their preferences. Most browsers allow you to block and delete cookies. However, if you do that, the Services may not work properly.
Pixel Tags/Web Beacons. A pixel tag (also known as a web beacon) is a piece of code embedded on the Services that collects information about users’ engagement. The use of a pixel allows us to record, for example, that a user has visited a particular web page or clicked on a particular advertisement. We may also include web beacons in emails to understand whether messages have been opened, acted on, or forwarded.
Analytics. We may use Google Analytics and other service providers to collect information regarding behavior and demographics on our Services. For more information about Google Analytics, please visit www.google.com/policies/privacy/partners/. You may be able opt out of Google’s collection and processing of data generated by your use of the Site by going to http://tools.google.com/dlpage/gaoptout.
Information from Other Sources.
We may collect information about you from additional online and offline sources including commercially available third-party sources, such as social media, for the purposes of verifying eligibility and securely offering our Services to you. We may combine this information with the personal and other information we have collected about you under this Privacy Policy.
HOW WE USE YOUR INFORMATION.
We process Personal Data for a variety of business purposes, including:
To provide the Services, Products, or Information Requested.
Administrative Purposes.
Marketing our Products and Services. We may use Personal Data to tailor and provide you with content and advertisements.
We may provide you with marketing materials as permitted by applicable law, including by email, push notification, custom audiences advertising, webinars, social media, and “interest-based” or “personalized advertising.” Consent for SMS messages is not required as a condition to purchase products or services. Message and data rates may apply.
We may receive and use personal information from social media and other sources in combination with other information we collect through other means described in this Privacy Policy for the purposes of providing you with promotions.
If you have any questions about our marketing practices or if you would like to opt out of the use of your Personal Data for marketing purposes, you may contact us at privacy@civic.com.
De-identified and Aggregated Information Use. We may use Personal Data and other information about you to create de-identified and/or aggregated information, such as de-identified demographic information, de-identified location information, de-identified or aggregated trends, reports, or statistics, or other analyses we create. De-identified and/or aggregated information is not Personal Data, and we may use and disclose such information in a number of ways, including research, internal analysis, analytics, and any other legally permissible purposes.
Sharing Content with Friends or Colleagues. Our Services may offer various tools and functionalities. For example, we may allow you to provide information about your friends through our referral services. Our referral services may allow you to forward or share certain content with a friend or colleague, such as an email inviting your friend to use our Services.
Technologies. Our uses of Technologies fall into the following general categories:
Operationally Necessary. This includes Technologies that allow you access to our Services that are required to identify irregular behavior, prevent fraudulent activity, and improve security or that allow you to make use of the Services functions.
Performance Related. We may use Technologies to assess the performance of our Services, including as part of our analytic practices to help us understand how our visitors use the Services.
Functionality Related. We may use Technologies that allow us to offer you enhanced functionality when accessing or using our Services. This may include identifying you when you sign into our Services and keeping track of your specified preferences or past pages viewed.
Advertising or Targeting Related. We may use first-party or third-party Technologies to develop and deliver content, including ads relevant to your interests, on our Services or on third-party sites.
Consent. Civic may use Personal Data for other purposes that are disclosed to you at the time you provide Personal Data or with your consent.
HOW WE DISCLOSE YOUR INFORMATION.
We may disclose any of the Personal Data we collect about you as set forth below:
Notice Regarding Use of Blockchain. The holdings and transactions associated with a wallet address are publicly available on the blockchain. Therefore, information about your holdings and transactions will be accessible to third parties due to the nature of the blockchain.
Civic Wallet. To complete transactions using the Civic wallet, we will need to share some of your Personal Data with the person or company that you are paying or is paying you, or which is requesting identity or another form of verification or processing such verification, as applicable.
Service Providers. We may share any Personal Data we collect about you with our third-party service providers. The types of service providers to whom we entrust Personal Data include service providers for: (i) the provision of the Services; (ii) the provision of information, products, and other services you have requested; (iii) identity verification and know – your – customer services; (iv) marketing and advertising; (v) payment processing and other similar services; (vi) customer service activities; and (vii) the provision of IT and related services. We take commercially reasonable steps to ensure our service providers adhere to the security standards we apply to your Personal Data.
Affiliates. We may share Personal Data with our affiliated entities that control us, are controlled by us, or are under common control with us.
Business Partners. We may provide Personal Data to business partners to provide you with a product or service you have requested. We may also provide Personal Data to business partners with whom we jointly offer products, services, or promotions.
Interest-Based or Personalized Advertising. Through our Services, Civic may allow third-party advertising partners to set Technologies and other tracking tools to collect information regarding your activities and your device (e.g., your IP address, cookie identifiers, page(s) visited, location, time of day). These advertising partners may use this information (and similar information collected from other services) for purposes of delivering personalized advertisements to you when you visit third-party services within their networks. This practice is commonly referred to as “interest-based advertising” or “personalized advertising.”
If you prefer not to share your Personal Data with third-party advertising partners, you may follow the instructions under the YOUR CHOICES section below.
APIs and Software Development Kits. We may use third-party APIs and software development kits (“SDKs”) as part of the functionality of our Services. APIs and SDKs may allow third parties including advertising partners to collect your Personal Data to provide content that is more relevant to you. By using the Service, you agree that your Personal Data may be shared with Third-Party Services and processed in accordance with Third-Party Services’ services agreements and privacy policies. For more information about our use of APIs and SDKs, please contact us at privacy@civic.com.
Disclosures to Protect Us or Others. We may access, preserve, and disclose your Personal Data if we believe doing so is required or appropriate to: (i) comply with a legal obligation, including law enforcement or national security requests and legal process, such as a court order or subpoena; (ii) protect your, our, or others’ rights, property, or safety; (iii) to collect amounts owed to us; (iv) when we believe disclosure is necessary or appropriate to prevent financial loss or legal liability, or in connection with an investigation or prosecution of suspected or actual illegal activity; or (v) if we, in good faith, believe that disclosure is otherwise necessary or advisable.
Merger, Sale, or Other Asset Transfers. If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, then your information may be shared, sold or transferred as part of such a transaction as permitted by law and/or contract.
INTERNATIONAL DATA TRANSFERS.
All information processed by us may be transferred, processed, and stored anywhere in the world, including but not limited to, the United States and other countries. If you are accessing our Services from the European Economic Area (“EEA”) or other regions with laws governing data collection and use, please note that your Personal Data will be transferred to and stored in the United States as necessary for the purposes described in this Privacy Policy, and the data may be transmitted to our service providers supporting our business operations (described above). The United States may have data protection laws less stringent than or otherwise different from the laws in effect in the country in which you are located. Where we transfer your Personal Data out of the EEA or the United Kingdom we will take steps designed to ensure that your Personal Data receives an adequate level of security protection where it is processed and your rights continue to be protected.
YOUR CHOICES.
General. In certain circumstances providing Personal Data is optional. However, if you choose not to provide Personal Data that is needed to use some features of our Services, you may be unable to use those features. You can also contact us at privacy@civic.com to ask us to update or correct your Personal Data. You may have the right to object to or opt out of certain uses of your Personal Data. Where you have consented to the processing of your Personal Data, you may withdraw that consent at any time by contacting us at privacy@civic.com.
Email & Text Communications. If you receive an unwanted email from us, you can use the unsubscribe link found at the bottom of the email. Note that you will continue to receive transaction-related emails regarding products or Services you have requested. We may also send you certain non-promotional communications regarding us and our Services, and you will not be able to opt out of those communications (e.g., communications regarding the Services or updates to this Privacy Policy). If you receive an unwanted text or SMS message from us, you can reply with “STOP” in order to unsubscribe from future text or SMS messages from us.
Mobile Devices. We may send you push notifications through our Apps. You may at any time opt out from receiving these types of communications by changing the settings on your mobile device. With your permission, we may also collect precise location information if you use our Apps. You may opt-out of this collection by changing the settings on your mobile device.
Technologies and Personalized Advertising. If you would like to opt-out of the Technologies we employ on the Services, you may do so by blocking, disabling, or deleting them as your browser or device permits. Please note that cookie-based opt-outs are not effective on mobile applications. However, you may opt-out of personalized advertisements on some mobile applications by following the instructions for Android and iOS.
The online advertising industry also provides websites from which you may opt-out of receiving targeted ads from advertisers that participate in self-regulatory programs. You can access these, and also learn more about targeted advertising and consumer choice and privacy, at www.networkadvertising.org/managing/opt_out.asp, http://www.youronlinechoices.eu/ and www.aboutads.info/choices/.
Please note you must separately opt out in each browser and on each device.
“Do Not Track”. Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
DATA RETENTION.
We retain the Personal Data we receive as described in this Privacy Policy for as long as you use our Services or as necessary or advisable to fulfill the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, protect against fraud, enforce our agreements, and comply with applicable laws. Where required by law, we will delete your biometric information within three years of your last interaction with the Services.
SECURITY OF YOUR INFORMATION.
We take steps that we deem as commercially reasonable in an effort to ensure that your information, including data about your interests and payment behavior (the “Platform Activity”) is treated securely and in accordance with this Privacy Policy. Unfortunately, the Internet cannot be guaranteed to be 100% secure or error free, and we cannot ensure or warrant the security or integrity of any information you provide to us. To the fullest extent permitted by applicable law, we do not accept liability for unauthorized disclosure. In addition, we are not responsible for circumvention of any privacy settings or security measures contained on the Services or third-party websites.
By using the Services or providing Personal Data to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Services. If we learn of a security system’s breach, we may attempt to notify you electronically by sending a notice through the Services or by sending an email to you.
THIRD-PARTY WEBSITES/APPLICATIONS.
The Services may contain links to other websites/applications and other websites/applications may reference or link to our Services. These third-party services are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen or approve, and are not responsible for the privacy practices or content of such other websites or applications. Visiting these other websites or applications is at your own risk.
CHILDREN’S INFORMATION.
The Services are not directed to children under 13 who reside in the United States or individuals under 16 in other jurisdictions (or other age as required by local law), and we do not knowingly collect Personal Data from children. If you have reason to believe that a child under the age of 13 has provided us with Personal Data through the Service, you may contact us at privacy@civic.com. If we learn that we have collected any child’s Personal Data in violation of applicable law, we will promptly take steps to delete such information.
EUROPEAN PRIVACY RIGHTS.
If you reside in the European Economic Area, you may have the right to exercise certain privacy rights available to you under applicable data protection laws. We will process your request in accordance with applicable data protection laws. We may need to retain certain information for record-keeping purposes or to complete transactions that you began prior to requesting any deletion.
How to Exercise Your Rights
To exercise any of the rights above, contact us at privacy@civic.com. Please identify yourself and specify your request. If you have a password protected account, we may generally use your account information to verify your identity. If not, we may ask you to provide additional verification information. What we request will depend on the nature of your request, how sensitive the information is, and how harmful unauthorized disclosure or deletion would be.
We use commercially reasonable efforts to delete your Personal Data as required but may retain records necessary to comply with a governmental authority or applicable federal, state, or local law. Where legally permitted, we may decline to process requests, including requests that are unreasonably repetitive or systematic, require disproportionate technical effort, or jeopardize the privacy of others.
CHANGES TO OUR PRIVACY POLICY.
We may revise this Privacy Policy from time to time at our sole discretion. When we do, we will post an updated version on this page, unless another type of notice is required by applicable law. You understand and agree that you will be deemed to have accepted the updated Privacy Policy if you continue to use the Services after the new Privacy Policy takes effect.
CONTACT US.
If you have any questions about our privacy practices or this Privacy Policy, please contact us at privacy@civic.com.