Yoti privacy information


Our privacy information explains how we will handle your personal information when you sign up and / or use our app, websites, products and services. Where we say ‘we’ and ‘us’ we mean Yoti. Where we say ‘third party’ this means anyone who is not you or us. This could be another person or an organisation.

This general section contains information that applies across all our business. The product-specific sections cover our different products and services, so you can easily find the information you need for the specific product or service you use. If a product-specific section doesn’t have a topic you are looking for, then the right information will be in the general section.

As transparency and privacy are Yoti core values, we regularly check and update this policy to reflect new features and functionality. We have a lot of new features and functionality planned, so to avoid having to issue new privacy information every month, there may be information about things that aren’t quite in place yet, but they will be soon. Regularly reviewing our privacy information makes sure that you are always aware of what information we collect, how we use it and how we might share it. The ‘What’s new’ section summarises the changes made to the latest version. For the app, we will also tell you there is a new version in the information on what’s new when you go into your app store to update the app to the latest version.

Who we are chevron
Information collection and use chevron
Information sharing chevron
Security and data location chevron
Your rights and choices chevron
Cookies chevron
Analytics chevron
Contact us chevron
Past versions chevron
What’s new chevron

Who we are

We are a digital identity platform and we design our software and services with privacy at their heart, guided by a set of principles.

We are monitored by a Guardian Council who make sure that we always seek to do the right thing.

We are certified as a B Corp company, meaning that we consider the impact of our decisions on employees, consumers, the community and the environment.

Learn more

chevron
expand-dismiss

Company details

expand-dismiss

We are Yoti Ltd, Fountain House, 130 Fenchurch Street, London, EC3M 5DJ (company number 08998951), but you can call us ‘Yoti’. Our general email address is hello@yoti.com.

expand-dismiss

Our principles

expand-dismiss

We take your privacy very seriously. We design our software and services with privacy at their heart, guided by a set of principles which you can read here: https://www.yoti.com/about/principles/.

We are monitored by a Guardian Council, who are respected and influential individuals who make sure that Yoti always seeks to do the right thing, and that we are transparent about what we are doing and why. Read more about them here: https://www.yoti.com/about/council.

We are also certified as a B Corp company, meaning that we consider the impact of our decisions on employees, consumers, the community and the environment. Read more about it here: https://www.bcorporation.net/

expand-dismiss

Lawful bases

expand-dismiss

EU data protection law requires an organisation to have a lawful basis for its personal information collection and use, and there are several lawful bases available. Our products and services are available globally and so in some cases our choice of EU lawful basis reflects the need to comply with different laws in different countries.

What we collect

What we do with it


Performance of a contract

When you set up and use our app and associated products and services, almost all the personal information collection and use is necessary to provide the app, product or service.

If you provide us your contact details to ask us a question, request more information or contact our Customer Support, we use your details to reply and resolve any issues.


Consent

We ask you to consent to us using your biometrics. This is because biometric data is sensitive data under the EU GDPR and the lawful bases available for this data are very limited. There are also biometrics laws in other countries that require consent.

See the section on biometrics for more information about the biometrics we use and why.

In the UK we can also use a ‘preventing or detecting unlawful acts’ lawful basis for our use of biometrics that is for fraud prevention purposes.


Legitimate interests

Some personal data collection and use is in our legitimate business interests. To use this lawful basis we assess both our interests and yours, to make sure that what we’re doing does not cause any unjustified privacy intrusion.

Identity checks: where we check your details with a third party to make sure only verified identities can get a Yoti.

Fraud reporting: some fraud prevention bodies we work with require us to report identity fraud we discover.

R&D: (non-sensitive data) to continually improve and test our fraud prevention measures.

Analytics: we de-identify and aggregate the metrics information we get from users to understand how our website and app are performing, to identify bugs, and to identify where we need to focus our efforts to improve.

Marketing campaign records: we keep information so we know who was sent what marketing information and when.

Invoice and billing: for corporate customers.


Legal obligation

If you have provided us your contact details to hear about Yoti, its products and services and you no longer want to hear from us, we are obliged by law to stop contacting you. To meet this legal obligation we will add your details to a suppression list so you no longer hear from us.

If you are a corporate customer, we are obliged to carry out some due diligence.

expand-dismiss

Retention

expand-dismiss

We provide retention information in the relevant product-specific section.

In most cases, the information you add to your account or provide as part of using a product or service remains until you delete the account.

If you volunteer for user testing, we will keep the related information for six months.

expand-dismiss

When Yoti shares your personal information

expand-dismiss

Yoti’s core principles are that it is not our business model to sell, transfer or share outside the company any of the personal information used to set up your account or your user activity information.

There are though some situations where we will share or will have to share some information, and we list these below.

Situation

Who we share your data with


If we suspect identity fraud, a national security threat, legal infringement, or a criminal offence

We may have to share a copy of your information with the appropriate authorities.


If you provide false or inaccurate information

If, after investigation, we determine that there has been fraud that meets the criteria for reporting, we will pass the details to relevant crime and fraud prevention agencies to prevent further fraud and money laundering.

One of these agencies is Cifas. Cifas keeps fraud reports for six years. Other Cifas members may use the information we report to refuse to provide you with services, financing or employment. You can find the Cifas privacy information here: https://www.cifas.org.uk/fpn

You can get more information about our approach to fraud and misuse by emailing privacy@yoti.com.


If we get a request for information from law enforcement or other official authority

Where your personal information is encrypted in our database, and we do not have the decryption key, we cannot provide any information.

For information that we do have access to, we have an internal policy and process to make sure that we only disclose personal information where:

  • the request is valid;
  • the information requested is no more than necessary;
  • we can disclose it compliantly; and
  • we think it’s the right thing to do.

We may have a legal obligation to share the information if we receive a court or similar legal order ordering us to disclose it.


To verify your details

For some of our products and services we check certain details, including against a third party, as part of verifying identity and carrying out due diligence.

The product-specific sections will set out when and how this happens.


To verify details on behalf of other companies

Some of our products and services may include the option to request an identity check against credit reference agency or other fraud prevention data.

In these circumstances Yoti simply sends the relevant details to the credit reference agency or fraud prevention database on behalf of the company, and sends the response back to the company.

The product-specific sections will set out when and how this happens.


We may use the services of other businesses to help us in certain areas, for example, for data storage; online payment providers; and identity providers who we use to help with identity verification

Because of how we have designed the system, in most situations we won’t need to share your information with third parties.

If we do, we will encrypt your data and / or it will be properly protected by the terms of our contract with these third parties.


If Yoti sells its assets

Yoti will only agree to the sale if the new business commits to the core Yoti principles of data privacy.

While we are negotiating with the company buying or combining Yoti with their own business, they won’t be able to access your encrypted personal information but Yoti may provide anonymised statistical information.

expand-dismiss

When you share your personal information

expand-dismiss

You alone will decide when you want to use a Yoti product or service to identify yourself to a third party, or to send and request information. You choose whether to agree or not to share the information a third party requests.

Yoti encourages companies to only ask for the information they actually need, for example, your age, or confirming you are over 18, rather than a full date of birth. If you choose to share your information with a third party using Yoti, those third parties may choose to use that information to communicate with you or they may share that information with others. We suggest you read the privacy policies of any organisation you share your information with to understand how they will use your personal information.

expand-dismiss

Access rights

expand-dismiss

You are entitled to know what personal information we hold about you and to receive a copy of it.

For most of our products and services, you provide your personal information and can access it by going into the product / service. If you want to make an access request for personal information not contained in a product / service you are using, please email: privacy@yoti.com

With regard to the cookies and analytics we use, this information is collected and stored automatically through in-house and third-party tools, as set out in the sections on cookies and analytics. The product-specific sections will set out if there is any analytics information that is linked to any of your personal information.

In-house analytics

The information we collect is de-identified and aggregated and it is not possible to search or get the information using your name or your phone’s identifiers (for example, the IMEI number which is like a serial number for your phone). So we cannot provide you with this information as it is not linked to any of your identifying details.

Google Analytics information

We use Google Analytics for some products or websites. Google creates and shares with us an identifier (such as, 76c24efd-ec42-492a-92df-c62cfd4540a3). The information that we collect through Google Analytics is linked only to this identifier, and so it is not possible to search or get the information using your name or your device’s other identifiers (for example, the IMEI number which is like a serial number for your phone). So we cannot provide you with this information as it is not linked to any of your identifying details.

You can make an access request to Google here: https://support.google.com/policies/contact/sar

expand-dismiss

Correction rights

expand-dismiss

You are entitled to correct personal information we hold about you that is inaccurate.

For most of our products and services you have the ability to correct or replace inaccurate personal information.

If you have contacted our Customer Support or had other contact with us and want to make a correction request, please email: privacy@yoti.com.

expand-dismiss

Deletion rights

expand-dismiss

In certain circumstances you are entitled to ask us to delete the personal information we hold about you.

For some of our products and services you can delete your account or certain information from within the product / service.

If you have any other deletion request, please email: privacy@yoti.com.

expand-dismiss

Objection rights

expand-dismiss

In certain circumstances you are entitled to object to Yoti processing your personal information.

If you receive any marketing, there will always be an unsubscribe option.

If you want to contact us about your objection rights, please email: privacy@yoti.com.

expand-dismiss

Restriction rights

expand-dismiss

In certain circumstances you are entitled to ask us to restrict our processing of your personal information.

You can ask us to do this if:

  • you dispute the accuracy of your personal information;
  • our processing is unlawful but you prefer restriction to deletion;
  • we no longer need the information but you need it for legal reasons; or
  • you have objected to our processing and we are still dealing with this objection.

If you want to contact us about your restriction rights, please email: privacy@yoti.com.

expand-dismiss

Portability rights

expand-dismiss

In certain circumstances you are entitled to receive the personal information you have provided us in a structured, commonly used and machine-readable format.

For some of our products and services you can download your personal information from within the product / service.

If you have contacted our Customer Support or had other contact with us and want to make a portability request, please email: privacy@yoti.com.

expand-dismiss

Complain to the ICO

expand-dismiss

You can also complain to the Information Commissioner's Office (ICO) who is responsible for making sure that organisations comply with the law on handling personal information. https://ico.org.uk/global/contact-us/

expand-dismiss

What’s a cookie?

expand-dismiss

It’s an online technology to collect information about you and to store your online preferences. Cookies are small pieces of information sent by a web server to a web browser which allows the server to uniquely identify the browser on each page.

expand-dismiss

Types of cookie

expand-dismiss

Session cookies

These expire when you close your browser and do not remain on your computer.

Persistent cookies

These are stored on your computer until they expire or you delete them from your cache. They are normally used to make sure the site remembers your preferences.

expand-dismiss

Categories of cookies

expand-dismiss

Strictly necessary cookies

These cookies are essential for you to move around our website and Dashboard and use their features. Without these cookies we cannot provide services you have asked for, such as access to secure areas.

Performance cookies

These cookies collect anonymous information on how people use our Dashboard and website.

Functionality cookies

These cookies remember choices you make, such as your last action, language and search preferences. We can use these to provide you with a better experience based on your preferences. The information from these cookies is anonymous and they cannot track your browsing activity on other websites.

expand-dismiss

How do I delete cookies?

expand-dismiss

Go to the help and support area on your internet browser for instructions.

Information on deleting or controlling cookies is also available at https://www.aboutcookies.org/

If you delete or disable our cookies you may not be able to access certain areas or features of our site.

expand-dismiss

What are analytics and why do we use them?

expand-dismiss

Analytics means collecting and analysing information about activity on our website and in our app. None of our analytics provide information about you personally. The statistics we get from this data allow us to understand how people are using our products and websites, and things like what works and what doesn’t, how long it takes to complete critical tasks and where we have users. Unlike most other companies, we don’t build individual profiles of the people who use our products and services. We simply look for trends and patterns to inform business decisions.

All these statistics are essential to understanding how our products and websites are performing and identify where we need to focus our efforts to improve.

expand-dismiss

Your choices for analytics

expand-dismiss

You have some control over analytics information collected through settings available in your website browser and on your phone, as well as in the Yoti app settings.

Website

You can clear pixels and cookies by clearing your cache or browsing history and by setting your browser to refuse cookies and pixels. You can also get more information from the Digital Advertising Alliance and change ad settings using their ‘Your Ad Choices’ tool here: http://www.aboutads.info/consumers

Phone

Both Android and iOS phones have privacy settings to limit the collection of the Advertising ID.

Apple: https://support.apple.com/en-gb/HT202074

Android: https://support.google.com/ads/answer/2662922?hl=en-GB

Yoti app

You can opt out of certain analytics through the app settings.

Updates

Section

Update


General

14/01/2019


Yoti App

04/03/2019


Yoti Dashboard

21/02/2019


Yoti Sign

21/02/2019


Yoti Password Manager

14/01/2019


Yoti Websites and social media

04/03/2019