Privacy User Acknowledgement and Consent

By clicking the “Continue” button, I hereby agree and express my voluntary, unequivocal and informed consent that personally identifiable information (PII) and the biometric information will be collected and processed for the purposes as specified in this Consent of the organisation for which I pass the identity verification process, and I wish to establish a business relationship (hereinafter - Company) that uses Sumsub Group of Companies, (hereinafter - the “Service Provider” or “Sumsub”) through which the Company collects and processes my PII and the biometric information. Please refer to the Privacy Notice for details about the identity and contact details of Sumsub.

1. My name and other means of identification for the purposes of obtaining this consent shall be established in the course of the processing of my PII carried out in accordance with this consent. My biometric information, the processing of which I hereby agree and express my voluntary, unequivocal and informed consent, includes facial features or facial scans.

2. The following types of PII are subject to processing The consent for the processing expressed hereby includes the following PII:

Some of these PII types may not be processed depending on the Company's requirements.

I hereby acknowledge and agree that facial images of myself are processed to confirm the liveliness of my face and/or to confirm that a given identity document is presented by me, its legitimate owner.

3. I hereby acknowledge and agree that processing shall be done for the purposes of the Company and may include matters of compliance with applicable AML/CFT, anti-fraud laws and regulations, age restrictions acts and/or other laws and regulations and/or the Company customer due diligence procedures in accordance with the laws governing the intended business relationship. The processing will also be carried out for other compatible purposes of the Service Provider acting as a separate business. Such compatible purposes include service development, fraud and criminal activity prevention, as well as ‘litigation hold’ and statutory obligations of the Service Provider, and are explained in detail in the Privacy Notice available here. The PII processed by the Service Provider for its own purposes are provided in point 2 above and include biometric data.

4. I hereby acknowledge the delegation of PII processing by the Company:

5. Data processing methods

I hereby acknowledge and agree that my PII and biometric information shall be processed by means of automated text extraction, verification of authenticity/validity and other methods of automated processing of photos and scanned copies of documents.

I hereby acknowledge and agree that Company and Service Provider shall process my biometric information by means of automated reading, verification of the authenticity and other automated processing as stated in the Privacy Notice available here, which includes the processing of facial scan while passing liveness, video-selfie or video identification process, biometric authorisation, face comparison from the photo of an identity document and the facial image, searching of multiple identity creation, work and development of fraud control network to detect and prevent fraud and criminal activity. The biometric processing methods are provided below:

The PII may be checked against multiple databases, including International Politically Exposed Persons (PEPs), Sanctions, Country-Specific Sanctions Lists and other ‘watch’ lists. It may also be reviewed in adverse media information sources.
The consent expressed hereby covers the following processing activities: collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission to the Company and the Service Provider and other subcontractors, dissemination or otherwise making available for the performance of a task carried out in the public interest or in the exercise of official authority, transfer ( including cross-border transfer, where necessary), alignment or combination, restriction, erasure and destruction.
Whenever a transfer of PII outside the EEA is carried out, the Company and Sumsub implement appropriate safeguards as set out in the applicable laws by transferring on the basis of the EU adequacy decisions (or UK adequacy regulations) or by concluding standard contractual clauses. Third-party processors likewise rely on appropriate safeguards, which include binding corporate rules, standard contractual clauses, or other means as allowed by applicable laws. Cross-border personal data transfers from the UK to the EU/EEA countries are permitted by the UK Government.

6. Data subject rights
I hereby represent that I have been informed about my rights to:

all of which may be exercised by contacting the Company directly or the Service Provider with a respective notice at [email protected]. Some rights are not exclusive and may be limited to the statutory legal obligations vested in the Company or the Service Provider. I also acknowledge that I have the right to lodge a complaint with the supervisory authority. When it is related to the processing activities of the Company, please refer to the methods specified in its privacy policies. When it relates to the processing activity of Sumsub, please see here for more details.

7. I hereby represent that I have been informed that my PII will be retained and stored by Company and Service Provider and will be permanently destroyed based on the Company’s instructions when the Company’s initial purpose and/or retention period prescribed by applicable law expires. Where Service Provider independently defines the compatible purposes or under the legal obligation, the personal data, including biometric information, will be destroyed after Service Provider’s purposes for collecting the biometric information have been satisfied (and one (1) year of the date the purpose for collecting the data expires for residents of Texas) or after five (5) years from the provision of data to the Service Provider system, whichever occurs first. For the residents of Illinois, the retention period of personal data, including biometric information, will be three (3) years from the date of data provision to the Service Provider system. Please check how your PII will be deleted and destroyed in Service Provider’s Data Disposal and Destruction Policy.

8. I hereby represent that I have carefully read all of the above provisions and do voluntarily and unequivocally agree with them.