What do we mean when we say:
Legitimate Interest: the interest of ours as a business in conducting and managing our services to enable us to provide you and offer the most secure experience.
Contract performance: processing your Personal Data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
Legal Obligation: processing your Personal Data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
Comparison Facial Similarity
In order to make your identity verification, we are using a solution that matches photo image or video records of your face point that you provide through a mobile app or camera with your ID document.
The solution is used for comparing live photographic data or video records of yourself and your ID card/passport, to comply with legal obligations (e.g. implementation of the obligations under the Law on Money Laundering and Terrorist Financing Prevention of Georgia and other fraud and crime prevention purposes) and risk management obligations.
The result of the face similarity (match or mismatch) will be retained for as long as it is necessary to carry out verification and for the period required by anti-money laundering laws.
We ensure that your face similarity check is a process of comparing data acquired at the time of the verification, i.e. this is a one-time user authorization by comparing two person's photos to each other. Your facial template is not created, recorded or stored. It is not possible to regenerate the raw data from retained information.
This process shall allow us to verify you more precisely and will make the process quicker and easier to carry out.
We may use our existing clients’ e–mail for our similar goods or services marketing. In case you do not object to the use of your e-mail for the marketing of our similar goods and services and you are granted with clear, free of charge and easily realisable possibility to object or withdraw from such use of your contact details by sending each message.
We may also provide the information to you being our client about our products or services by sending the messages in the application and such messages may be viewed in the notification centre, in case you do not choose the “opt-out” function in our application.
In other cases, we may use your Personal Data for the purpose of direct marketing, if you give us your prior consent regarding such use of data.
We are entitled to offer the services provided by our business partners or other third parties to you or find out your opinion on different issues in relation to our business partners or other third parties on the legal basis for this, i.e. on the basis of prior consent.
In case you do not agree to receive these marketing messages and/or calls offered by us, our business partners or third parties, this will not have any impact on the provision of services to you as the client.
We provide a clear, free-of-charge and easily realisable possibility for you at any time not to give your consent or to withdraw your given consent for sending proposals put forward by us. We shall state in each notification sent by e-mail that you are entitled to object to the processing of the Personal Data or refuse to receive notifications from us. You shall be entitled to refuse to receive notifications from us by clicking on the respective link in each e-mail notification.
How do we obtain your Personal Data?
Cactus Verify does not provide services directly to End Users. We collect the information you provide directly to us by using the Cactus Verify demo.
We do not collect Personal Data from third parties.
Who do we share your Personal Data with?
We may transfer your Personal Data in accordance with the principles of confidentiality to the following categories of recipients:
- our business partners, agents or intermediaries who are a necessary part of the provision of our products and services, as well as, card organizations (such as VISA or MasterCard) – in connection with our payment services;
- governmental bodies and/or supervisory authorities (in accordance with the requirements and obligations under the provisions of legal acts concerning anti-money laundering, fraud prevention, counter terrorist financing), credit, financial, payment and/or other electronic money institutions;
- pre-trial investigation institutions, the State Tax Inspectorate;
- lawyers, bailiffs, auditors etc.;
- service providers, who make your identity verification by using their IT solutions;
- companies providing services for money laundering, politically exposed persons and terrorist financing check-up and other fraud and crime prevention purposes and/ or companies providing similar services;
- external service providers (that provide such services as, for example, system development and/or improvement, audit services);
- beneficiaries of transaction funds receiving the information in payment statements together with the funds of the transaction; other entities that have a legitimate interest or the Personal Data may be shared with them under the contract which is concluded between you and us;
- other entities under an agreement with us.
International transfer of Personal Data
As we provide international services your Personal Data may be transferred and processed outside the European Union (hereinafter – the EU) and the European Economic Area (hereinafter – the EEA).
The transfer of Personal Data may be considered as needed in such situations as, e.g.:
- in order to conclude the contract between you and us and/or to fulfil the obligations under such contract;
- in cases indicated in laws and regulations for the protection of our lawful interests, e.g. in order to bring proceedings in court/other governmental bodies;
- in order to fulfil legal requirements or in order to realize public interest.
This can be done in a number of different ways, for example:
- the country to which we send the Personal Data, a territory or one or more specified sectors within that third country, or the international organization is approved by the European Commission as having an adequate level of protection;
- the recipient has signed standard data protection clauses which are approved by the European Commission;
- if the recipient is located in the US, it may be a certified member of the EU–US Privacy Shield scheme;
- special permission has been obtained from a supervisory authority.
We may transfer Personal Data to a third country by taking other measures if it ensures appropriate safeguards as indicated in the GDPR.
In some cases, we may use automated decision-making which refers to a decision taken solely on the basis of automated processing of your Personal Data.
Automated decision-making refers to the processing using, for example, a software code or an algorithm, which does not require human intervention.
We may use forms of automated decision-making on processing your Personal Data for some services and products. You can request a manual review of the accuracy of an automated decision in case you are not satisfied with it.
How do we protect your Personal Data?
We ensure the implementation of appropriate technical and organizational and administrative security measures required to ensure the security of your Personal Data processing, in order to protect your Personal Data from loss, misuse, accidental or unlawful destruction, modification, disclosure, unauthorized access or any other unlawful handling.
The Company and any third-party service providers that may engage in the processing of Personal Data on our behalf (for the purposes indicated above) are also contractually obligated to respect the confidentiality of the Personal Data.
Retention terms of Personal Data processing
We will keep your Personal Data for as long as it is needed for the purposes for which your data was collected and processed but no longer than it is required by the applicable laws and regulations. This means that we store your data for as long as it is necessary for providing services and as required by retention requirements in-laws and regulations.
In the cases when the terms of data-keeping are indicated in the legislative regulations, the legislative regulations are applied.
Your Personal Data might be stored longer if:
- it is necessary in order for us to defend ourselves against claims, demands or action and exercise our rights;
- there is a reasonable suspicion of an unlawful act that is being investigated;
- your Personal Data is necessary for the proper resolution of a dispute/ complaint;
- under other statutory grounds.
What rights do you have in relation to your Personal Data?
You as a data subject have rights in respect of Personal Data, we hold on you. Under certain circumstances and in accordance with EU or other applicable data protection laws, you may have the right to
- get familiar with your Personal Data and how it is processed – you have the right to obtain information about which Personal Data about you that we process. Your right to access may, however, be restricted by legislation, protection of other persons’ privacy and consideration for the Company’s business concept and business practices. The Company’s know-how, business secrets as well as internal assessments and material may restrict your right of access;
- demand rectifying incorrect or incomplete data – if it turns out that we process Personal Data about you that is inaccurate, you have the right to request a rectification of the Personal Data. You can also request to have incomplete Personal Data about you completed;
- erasing your Personal Data – you have the right to have any or all of your Personal Data erased. In certain cases, we cannot erase all of your Personal Data. In such case this would be due to the fact that we need to store your Personal Data due to a contractual relationship or law;
- restricting the processing of your Personal Data – you have the right to demand that our processing of your Personal Data be restricted for a period of time. This can pertain, for example, to a situation where you believe data about you is inaccurate and we need to verify it. It can also pertain to a situation where you object to processing that we base on legitimate interest. In such case we must verify if our grounds override yours;
- transfer your Personal Data to another data controller or provide it directly to you in a convenient format (NOTE: applicable to Personal Data which is provided by you and which is processed by automated means on the basis of consent or on the basis of conclusion and performance of the contract);
- object to any processing based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights;
- to withdraw your consent so that we stop that particular processing when the processing is based on consent. However, such consent withdrawal does not affect the lawfulness of processing based on consent before its withdrawal;
- not to be subject to a decision based solely on automated processing;
- lodge an appeal to the State Data Protection Inspectorate – if you have an objection about how we have processed your Personal Data, you can turn to the supervisory authority concerned.
We will exercise your rights only after we receive your written request to exercise a particular right indicated above and only after confirming the validity of your identity. The written request shall be submitted to us by personally appearing at the registered office address of the Company, by ordinary mail or by e-mail: firstname.lastname@example.org
Your requests shall be fulfilled or fulfilment of your requests shall be refused by specifying the reasons for such refusal within 30 (thirty) calendar days from the date of submission of the request meeting our internal rules and GDPR. The afore-mentioned time frame may be extended for 30 (thirty) calendar days by giving prior notice to you if the request is related to a great scope of Personal Data or other simultaneously examined requests. Response to you will be provided in a form of your choosing as the requester.
The right to lodge a complaint
You can file a complaint regarding Personal Data in the same manner as specified above the section.
You can also address the State Data Protection Inspectorate with a claim regarding the processing of your Personal Data if you believe that the Personal Data is processed in a way that violates your rights and legitimate interests stipulated by applicable legislation.
For more information on how to control your cookie settings and browser settings or how to delete Cookies on your hard drive, please read the Cookies Policy available on our website
You can contact us by writing to us at email@example.com or post us at Cactus Verify Inc., 651 N Broad StSuite 201Middletown, DE 19709, US.
You can also contact our Data Protection Officer by sending an e-mail to the address: firstname.lastname@example.org