Privacy Notice and Consent Request
What is identiblue?
​
Identiblue is a reusable digital identity service, operated by Blue Biometrics Limited (Blue) UK company number 14819566. Identiblue is designed to assist people, online and offline, to verify their legal identity or authenticate for access to services, and/or consensually share personal information to relying parties, such as businesses, governments or other organisations. It is ‘reusable’ because it is designed to be used in different contexts to the one it was created in. For example, you may sign up for your identiblue account (identi) in order to purchase and improve the security of a digital asset and then reuse your identi to prove your identity to open a bank account. These are example use cases only. This is a new service, so initially the options to reuse your identi will be limited but this will grow substantially. Reuse makes digital identity more convenient, because it is much quicker and easier to reuse your identi than setting up a new digital identity and finding your ID and enrolling. It improves cybersecurity by reducing the amount of document copies and other information that private companies hold about you and elevating the security of your identity and other personal information.​
​
Our commitment
​
Blue designs and operates identiblue with three core priorities:
-
Privacy
-
Ultrasecurity
-
Convenience
How we receive your personal information
​
If you consent, we will collect personal information directly from you, including your biometrics. That collection will occur both during setup of your personal identiblue digital identity account (identi) and during the use of your identi. Setup and use of your identi is via either of two channels. Through the identiblue mobile app or through a process embedded in the mobile app of a relying party utilising an application programming interface (API) to connect to the same identiblue cloud system. Via either method the storage and processing of your personal information is done in the same way for the same reasons. Every time we collect biometric information; we will make it obvious at the time and only possible with your consent. For example by ‘Capture’ and ‘Submit’ buttons. Location data assists identity verification, fraud prevention and service provision. Permission for location and camera is required for the identiblue app (Android and iOS). Additional information may be gathered through new features or services we may provide in the future. We will update this information which can be viewed in-app during set-up and on our website.
Additionally, we may also collect any other information you provide while interacting with us. For example, if you contact us for customer service. We may also collect your personal information, through websites, cookies, apps or partner companies or relying parties. However, identiblue WILL NOT link any marketing data to your identi.
The personal information we collect
​
We currently collect and process the following:
-
Full name
-
Date of birth
-
Place of birth
-
Email address
-
Mobile number
-
Location - according to the app being used
-
Country of residence (or residential or other address dependent on ID used)
-
Images of document/s
-
Biometrics including images of your face, hand/s, finger/s, or other biometrics or anything else in the images you submit and recordings of your voice.
Purposes for collecting of processing personal information
​
We will use or process the collected information for the following specific purposes:
-
To set-up your identi - initial identity verification and creation of the secure personalised files required to provide identiblue services.
-
Operation of your identi - the provision of identiblue services. To operate your identi, the identiblue service may collect your information as described above and use that information to compare it against information previously collected by identiblue. We do that for the specific purposes of verifying your identity, to provide identiblue services. Identiblue services may include verifying to a relying party (such as a business that you are accessing services from), that the personal information you have provided to them is correct, including your legal identity. We WILL NOT share your biometrics or documents with relying parties that are requesting identity verification. Identiblue services may include any other identity related transactions that you consent to. For example, identiblue may verify that you are an adult, to a business, anonymously, that is without revealing any other personal information to that business. Identiblue DOES NOT provide any ‘one to many’ biometric identification services, only one to one verification. Identiblue is designed for the use of your identi, by you in real time, with your informed consent. This means a relying party CAN NOT search with your biometrics to ask who is this? Blue will release future features that will share the personal information that you explicitly consent to sharing.
-
Training of Artificial Intelligence (AI) software to reliably verify your identity in the future, detect deep-fakes and other presentation attacks, to improve identiblue services.
-
Prevention of fraud.
-
To comply with the law.
-
To comply with contractual obligations to you, relying parties and distribution partners.
Lawful bases under UK GDPR
​
Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing your personal information are;
-
Your consent (that you can withdraw at any time).
-
Contractual obligations due to operating identiblue platform services.
-
Legal obligations of Blue or a relying party due to regulations for example anti-money laundering (AML) and counter terrorism financing (CTF) regulations or similar.
-
Legitimate interests, such as preventing identity theft and other fraud.
-
Under the UK GDPR and the Data Protection Act 2018 (DPA), biometrics are a special category of data with additional safeguards. We only collect your biometrics with your explicit consent.
Deletion of personal information
​
Your personal information will be encrypted and stored by Blue until you withdraw your consent or your account has been inactive for three years. Blue may also, at its own discretion, delete information that in its view is no longer necessary to retain, to facilitate identiblue services. You can withdraw your consent by contacting us and verifying your identity or by the 'Delete Account’ button in the app. Within 14 days of a deletion request, we will delete all of your personal information, except that information that Blue is obligated to retain because of the aforementioned lawful bases for information processing. For example, we may be required by law to keep a record, for Blue or on behalf of a relying party, that your identity was verified for AML/CTF legislation, when accessing a financial service, but nonetheless delete your biometric information.
Storage and processing of your personal information
​
At rest, your personal information will be stored in the UK, using Microsoft Azure and/or IBM Cloud. In the future Blue may also store your information in other countries, for example the country where you are using identiblue services or another country with appropriate privacy safeguards. Blue uses strong encryption and other design features to protect your information. Your personal information may be transferred between different countries for the purposes of storage or processing or information sharing that you have consented to. When such transfers occur, Blue will use contractual protections as far as practical to maintain the level of privacy protections for your personal information consistent with UK law. Generally, processing of your personal information will occur in the UK and/or the United States of America (USA) and/or Australia and in the future within the European Union.
Your personal information may be processed by Blue and/or its affiliate companies;
Blue Biometrics Pty Ltd
ABN 66 621 736 249
Suite 1, 92 Cleveland Street
Greenslopes QLD 4120
Australia
Blue Biometrics Inc
8 The Green STE B
Dover, DE 19901
United States
Your personal information may also be processed by Microsoft, however this is performed by use of Azure cloud services (controlled by Blue) that DO NOT inform Microsoft of your identity. Blue uses Microsoft Azure services to recognise document text and face verification technology to process face images and compare them one-to-one to verify your identity. Only momentary processing of images, recordings or templates occurs. That occurs in combination with processing by Blue with other technology completely within Blue’s cloud system. Biometrics are stored at rest with third-party quantum resilient encryption technology, and other security measures, and not accessible to any processor other than Blue. In the near future your personal information may be processed (non-biometrically) by IBM. If this occurs it will be only with cloud services controlled by Blue.
​
Your data protection rights
​
Under data protection law, you have rights including:
-
Your right of access - You have the right to ask us for copies of your personal information. Please note for your security we would require proof of your identity and arrangements would need to be made for a secure process.
-
Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. Accuracy is important to us too.
-
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances. Please see previous information about deletion requests.
-
Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
-
Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.
-
Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
-
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Concerns or complaints
​
If you have any concerns about our use of your personal information, please contact us:
Blue Biometrics Limited
Business Cyber Centre
Unit 7 Greenways Business Park
Chippenham SN15 1BN
Phone: TBA
You may also make a complaint to the Blue Biometrics Data Protection Officer via the following contact details:
Attention DPO Blue Biometrics
Business Cyber Centre
Unit 7 Greenways Business Park
Chippenham SN15 1BN
+61 433 432 918
You can also complain to the ICO if you are unhappy with how we have used your data.
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
Circumstances where Blue do not permit use of identiblue
DO NOT use identiblue if you are a resident of, or visiting, the State of Illinois (USA).
DO NOT use identiblue if you have not yet reached your 18th birthday.
The identiblue customer service chatbot will be available soon to answer your questions including about privacy. Visit: https://www.identi.blue/
By clicking "I have read this privacy notice and I consent" below, you confirm that you have read and understood the above information about the use of your biometric and other personal information, and you give us your informed consent to collect, use, store, and delete your information in the manner described.