Family COnnect
Family COnnect
Thanks for reading this Privacy Policy! We know legal documents can sometimes be confusing and full of jargon, so we’ve tried to provide a clear, easy-to-read explanation of how we treat your personal information when you interact with us. Note to residents of California and other US states with special privacy rights: please see here for more information specific to you.
Who are we?
Kidentify Pte. Ltd. (“we” or “us” or “k-ID”) provides a suite of products and services, including www.k-id.com, the Global Compliance Database, Global Compliance Engine, Facial Age Estimation (“FAE”), the k-ID Family Connect Portal (both website and mobile app versions), and the k-ID Developer Portal.
We designed this Privacy Policy to help you understand how we collect, use, and share your personal information (collectively, our data “processing”). The definition of “personal information” varies a bit based on where you live, but it generally refers to information that can be used to identify you as an individual. This Privacy Policy can also help you understand and exercise your privacy rights.
Kidentify Pte. Ltd. is a valid licensee, and participating member, of the Entertainment Software Rating Board’s Privacy Certified Program (“ESRB Privacy Certified”). To help protect your privacy, we have voluntarily undertaken this privacy initiative. As a licensee in this privacy certification program, we are subject to audits of our Services and other enforcement and accountability mechanisms administered independently by ESRB Privacy Certified. The technology behind our parent/family and developer portals has been reviewed and certified by ESRB Privacy Certified. If implemented correctly by our customers, our developer portal facilitates compliance with the U.S. Children’s Online Privacy Protection Act (COPPA) and its implementing rules.
With that out of the way, here’s the full Privacy Policy!
1. SCOPE AND UPDATES TO THIS PRIVACY POLICY
2. PERSONAL INFORMATION WE COLLECT
3. HOW WE USE YOUR PERSONAL INFORMATION
5. HOW WE SHARE YOUR PERSONAL INFORMATION
6. YOUR PRIVACY CHOICES AND RIGHTS
7. SECURITY OF YOUR INFORMATION
8. INTERNATIONAL DATA TRANSFERS
9. RETENTION OF PERSONAL INFORMATION
11. OTHER PROVISIONS
12. CONTACT US
This Privacy Policy applies to personal information processed by us and our affiliates (collectively “k-ID,” “we,” “us,” or “our”), including on our websites, mobile applications, and other online or offline offerings. To make this Privacy Policy easier to read, our websites, mobile applications, and other offerings are collectively referred to here as the “Services.”
What do we do?
We wear a few different “hats” when it comes to processing personal information. This Privacy Policy covers our processing of your personal information when we interact with you directly, such as when you visit our website or use our Family Portal. In that circumstance, we operate as a “data controller.”
In other cases, we work directly with our customers who integrate our technologies into their existing products or services. In these scenarios, we process any personal information our developer partners provide to us (which is typically limited to your location, age information, and other information used to identify your user session and/or publisher account) as a “data processor” or “service provider.” This means that our processing of the personal information they provide to us is governed by the contracts that we have in place with our partners, not by this Privacy Policy. If you have questions about how our customer is using information from you or your child in a particular service, you should contact that service provider.
Changes to our Privacy Policy. We may revise this Privacy Policy from time to time at our sole discretion. If there are any material changes to this Privacy Policy, we will notify you as required by applicable law, such as through an email or other in-app notice. If you continue to use our Services after the new Privacy Policy takes effect, we will assume you have read and acknowledged the new policy.
The categories of personal information we collect depend on how you interact with us, our Services, and the requirements of applicable law. Generally speaking, we collect personal information that you provide to us, information we obtain automatically when you use our Services, and information from other sources such as third-party services and organizations. See below for more details regarding each category.
A. Personal Information You Provide to Us Directly
We may collect personal information that you provide to us directly through the following sources:
B. Personal Information Collected Automatically
We may collect personal information automatically when you use our Services as follows:
C. Personal Information Collected from Other Sources
Third-Party Services and Sources. We may obtain personal information about you from other sources, including through third-party services and organizations, such as our identity verification providers. When we receive personal information from our partners, it is limited to your age, jurisdiction, and information used to identify your user session and/or publisher account.
We use your personal information for a variety of business purposes, including to provide our Services, for administrative purposes, and to improve our products and Services, as described below.
A. Provide Our Services
We use your information to fulfill our contract with you and provide you with our Services, such as:
B. Administrative Purposes
We use your information for various administrative purposes, such as:
C. With Your Consent
We may use personal information for other purposes that are clearly disclosed to you at the time you consent to provide your personal information to us.
D. Other Purposes
We also use your personal information for other purposes as requested by you or as permitted by applicable law. For example, we may use personal information to create de-identified and/or aggregated information (for example, aggregate reports detailing the total number of users we have in a given jurisdiction).
Protecting children’s privacy online is core to what we do. When an individual accesses our Family Portal and asserts that they are the parent or guardian of a child who has initiated a permission request in a customer’s product or service, we follow the law of the child’s location to verify their identity. Meanwhile, when children use our Services, we limit access to certain features based on their age and the laws in their location. We also limit our personal information collection and sharing to only what is necessary to support the internal operations of our Services until we have obtained the verifiable consent of the child’s parent or legal guardian.
If you are a parent or guardian and believe your child has uploaded personal information to our site without your consent, or wish to review information collected from your child, or have that information modified or deleted, you may contact us as described in “Contact Us” below. If we become aware that a child has provided us with personal information in violation of applicable law, we will delete any personal information we have collected, unless it is necessary for us to retain it to comply with our legal obligations (for example, to comply with a lawful investigation) or to protect the integrity of our Services. We will then revert them to the underage experience, if applicable.
We disclose your personal information to third parties for a variety of business purposes, including to provide our Services, to protect us or others, or in the event of a major business transaction such as a merger, sale, or asset transfer, as described below.
A. Disclosures to Provide our Services
The categories of third parties with whom we may share your personal information are described below.
B. Disclosures to Protect Us or Others
We may access, preserve, and disclose any information we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate to: comply with law enforcement or national security requests and legal process, such as a court order or subpoena; protect your, our, or others’ rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity.
C. Disclosure in the Event of Merger, Sale, or Other Asset Transfers
If we are involved in an actual or proposed merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, your information may be sold or transferred in connection with such a transaction, solely as permitted by law.
Your Privacy Choices. The privacy choices you may have about your personal information are determined by applicable law and are described below.
Your Privacy Rights. In accordance with applicable law, you may have the right to:
If you would like to exercise any of these rights, please contact us as set forth in “Contact Us” below. We will process such requests in accordance with applicable laws.
We take steps to ensure that your information is treated securely and in accordance with this Privacy Policy. Unfortunately, no system is 100% secure, and we cannot ensure or warrant the security of any information you provide to us. To the fullest extent permitted by applicable law, we do not accept liability for unauthorized access, use, disclosure, or loss of personal information.
By using our Services or providing personal information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of our Services. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on our Services, by mail, or by sending an email to you.
All information processed by us may be transferred, processed, and stored anywhere in the world, including, but not limited to, the United States or other countries, which may have data protection laws that are different from the laws where you live. We endeavor to safeguard your information consistent with the requirements of applicable laws.
If we transfer personal information which originates in the European Economic Area, Switzerland, and/or the United Kingdom to a country that has not been found to provide an adequate level of protection under applicable data protection laws, we rely on the EU Standard Contractual Clauses to support such transfer as required by law.
For more information about the safeguards we use for international transfers of your personal information, please contact us as set forth below.
We store the personal information we collect as described in this Privacy Policy for as long as you use our Services, or as necessary to fulfill the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defenses, conduct audits, enforce our agreements, and comply with applicable laws. Specifically, we will retain records of a parent’s permissions and preferences so long as the parent has an active account with us, and will retain session information as long as indicated by our customers.
This Notice at Collection and Supplemental Notice is for residents of states that have adopted comprehensive privacy legislation that applies to our processing of personal information and others that may come into effect from time to time covering personal information collected in a business or employment context, including, but not limited to California.
A. PERSONAL INFORMATION WE COLLECT AND SHARE
Depending on how you use our Services, the information we may have collected within the last twelve (12) months about you, as well as the categories of third parties with whom we have shared this information, are described in the table below.
Category of Personal Information Collected by k-ID | Category of Third Parties Personal Information is Disclosed to for a Business Purpose | Category of Third Parties to Whom Personal Information is Sold And/or Shared |
---|---|---|
Identifiers. | ● Service providers ● Family members (permissions information only) ● Data analytic providers (online identifiers and IP addresses) | n/a |
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) | ● Service providers ● Family members (permissions only) ● Data analytic providers (online identifiers and IP addresses) | n/a |
Protected classification characteristics under California or other state or federal law | ● Service providers ● Data analytic providers ● Our customers (in the context of an age appeal/parental attestation) | n/a |
Commercial information | ● Service providers ● Data analytic providers ● Family members (permissions info) | n/a |
Biometric information | ● Service providers (not applicable to FAE – only for parental verification in certain jurisdictions) | n/a |
Internet or other electronic network activity | ● Service providers ● Data analytic providers ● Development partners | n/a |
Inferences drawn from other personal information to create a profile about a consumer | ● Service providers ● Data analytic providers ● Development partners (with respect to parental permissions) | n/a |
B. USE OF PERSONAL INFORMATION
We may use or disclose the personal information we collect for the purposes outlined in Use of Information above. These purposes include:
Where required under applicable law, we will not collect additional categories of personal information or use the personal information we have collected for materially different, unrelated, or incompatible purposes without first providing you notice.
C. SALES/SHARING OF PERSONAL INFORMATION
k-ID does not sell our users’ personal information for monetary compensation, or otherwise share it with advertisers for non-monetary consideration. This includes the personal information of minors under 16 years of age.
D. YOUR RIGHTS AND CHOICES
Subject to applicable law, if you are a resident of California or other US states with similar rights, you may have the following rights:
We will not discriminate against you, in terms of price or services that we offer, if you exercise any of the rights listed above.
Verification and Appeal Process: We are required by law to take reasonable steps to verify your identity prior to responding to your request. Please note that your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g., the prevention or detection of crime) and our interests (e.g., the maintenance of legal privilege). If we are unable to process your request via you authenticating yourself on the Services, we may verify your request by asking for information sufficient to confirm your identity, based on the information we have on file. Requests to exercise these rights may be granted in whole, in part, or not at all, depending on the scope and nature of the request and as permitted by applicable law. Where required by applicable law, we will notify you if we reject your request, and notify you of the reasons we are unable to honor your request.
If you are a resident of Colorado, Virginia, Connecticut, or another US state with similar rights, you may have the right to appeal a request we deny when we have verified your identity and still decline to honor your request. The process for that appeal will be sent to you separately if your request is denied.
Authorized Agent: Depending on where you live, you may have the right to use an authorized agent on their behalf to exercise a privacy right discussed above. If you are an authorized agent acting on behalf of a user to communicate with us or to exercise a privacy right discussed above, you must be able to demonstrate that you have the requisite authorization to act on behalf of the user, and have sufficient access to that user’s laptop, desktop, or mobile device to exercise that user’s right digitally. If you are an authorized agent trying to exercise rights on behalf of one of our users, then you can make a request on the user’s behalf by contacting us as set forth below in the “Contact Us” section: Such requests must include the following information: (1) a written authorization from the consumer that includes the consumer’s full name, address, telephone number and valid email address used by the consumer to interact with us, that is signed by the consumer and clearly bestows upon the agent the proper authority; and (2) a certificate of good standing with your state of organization. Alternatively, an acting agent can provide a valid power of attorney signed by the consumer on the agent’s behalf and a valid email address used by the consumer to interact with us. The email address of the consumer will be used to separately verify the agent’s authority with the consumer.
Shine the Light Disclosure: California residents are entitled to ask us for a notice that identifies the categories of personal information that we share with our affiliates and/or third parties for their direct marketing purposes, and provides contact information for such affiliates and/or third parties. Please note that we do not share personal information with third parties for their direct marketing purposes.
De-Identified Information. If we create or receive de-identified information, we will not attempt to re-identify such information, except to comply with applicable law.
E. SUPPLEMENTAL NOTICE FOR NEVADA RESIDENTS
If you are a resident of Nevada, you have the right to opt-out of the sale of certain personal information to third parties who intend to license or sell that personal information. You can exercise this right by contacting us at privacy@k-id.com with the subject line “Nevada Do Not Sell Request” and providing us with your name and the email address associated with your account. Please note that we do not currently sell your personal information as sales are defined in Nevada Revised Statutes Chapter 603A. If you have any questions, please contact us as set forth in Contact Us below.
11. OTHER PROVISIONS
Third-Party Websites/Applications. The Services may contain links to other websites/applications and other websites/applications may reference or link to our Services. These third-party services are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen, or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Providing personal information to third-party websites or applications is at your own risk.
Supervisory Authority. If your personal information is subject to the applicable data protection laws of Australia, Brazil, the European Economic Area, Switzerland, or the United Kingdom, you have the right to lodge a complaint with the competent supervisory authority or attorney general if you believe our processing of your personal information violates applicable law.
12. CONTACT US
Kidentify Pte. Ltd. is the controller of the personal information we process under this Privacy Policy. If you have any questions about our privacy practices or this Privacy Policy or to exercise your rights as detailed in this Privacy Policy, you can initiate a support request through the Family Portal by navigating to the “Help” section and following the prompts to submit a request, or by contacting us directly at:
Kidentify Pte. Ltd.
83 Keong Saik Road
02-01
Singapore 089168
Data Protection Officer
privacy@k-id.com
General Data Protection Regulation (GDPR) – European Representative
Pursuant to Article 27 of the General Data Protection Regulation (GDPR), KIDENTIFY Pte. Ltd. has appointed European Data Protection Office (EDPO) as its GDPR Representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR:
UK General Data Protection Regulation (GDPR) - UK RepresentativePursuant to Article 27 of the UK GDPR, KIDENTIFY Pte. Ltd. has appointed EDPO UK Ltd as its UK GDPR representative in the UK. You can contact EDPO UK regarding matters pertaining to the UK GDPR:
ESRB Privacy Certified
Kidentify Pte. Ltd. is a licensee of the ESRB Privacy Certified program. If you believe we have not responded to your privacy-related inquiry or your inquiry has not been satisfactorily addressed, please contact ESRB Privacy Certified at https://www.esrb.org/privacy/contact/ or privacy@esrb.org.