UpPass Privacy Notice
Collective Wisdom Company Limited (the “Company”), the owner and developer of “UpPass” gives the first priority to client’s privacy and right to their Personal Data (as defined under this Notice). This Privacy Notice (the “Notice”) is prepared and announced to all of UpPass users, including unregistered visitors, registered users and premium users (if any) (collectively referred hereunder as the “Client”) to describe how the Company collect, use, and share the Client’s Personal Data (defined under this Notice), as well as the assurance of the data rights the Client and/or other data subject may have in that Personal Data.
This Notice shall apply to all UpPass function and the associated services provided directly by the Company (the “Services”) yet this Notice is not intended to be applicable to any other function, platform or services performed by the third-party service provider that may be linked or connected from UpPass that is beyond the control of the Company where the Client shall be required to study and agree to the specific privacy notice of those third-party service provider.
Prior to accessing UpPass or using any of the Services, please read this Notice and make sure you fully understand the Company’s necessity to process your Personal Data. In case that any Client continues using UpPass and/or other Services, the Company shall deem that the Client accepts and agrees to this Notice. In case that any Client oppose to this Notice, please discontinue all use of any of UpPass and/or the Service and the Company reserve the right to refuse not to provide UpPass access and other relevant Services to the Client since processing of Personal Data under this Notice is necessary for the Company to perform the obligations that the Company commits under the UpPass Terms and Conditions.
The Company may review and update this Notice from time to time as appropriate to ensure that the Notice shall comply with relevant laws and regulations of any jurisdiction and be in accordance with UpPass function and/or the Services; provided that the Company will notify the amendment of this Notice on UpPass or via other communication channel that the Company may have with the Client.
What “Personal Data” do the Company Process?
To provide the access to UpPass function and to perform the Services, the Company shall collect any information that relating to an identified or identifiable natural person (the “Personal Data”) in various types from 3 main sources as follows:
Information the Client directly provides to the Company. When the Client register for UpPass user account or use any of the Services; and/or when the Client contact us directly by any communication channel (e.g. the Company’s customer support channel), the Client would be required and may provide the Company the Personal Data, such as name, email address, phone number, payment information (e.g. the credit card information, bank account information or evidence of payment) (for Client with Paid Services as defined under the Terms and Conditions), any other information required for the on-boarding and user account registration, any Personal Data the Client include in the communications with the Company, and Personal Data contained in scanned identification documents (such as an ID card, driver’s license, passport, or official company registration documents).
Information the Company collects when the Client uses UpPass and/or the Services. When the Client visit, download, and/or use any function of UpPass and/or of the Services, the Company may collect aggregated usage Personal Data executed and transacted on UpPass (e.g. the log-in session or history track record for the transaction undertaken on UpPass), non-identifying Personal Data regarding the Client’s device, operating system, internet browser, screen resolution, language and keyboard settings, internet service provider, referring/exit pages, date/time stamps through the collection and use of website cookies or other similar technique to track and collect the Client’s behavior.
Information collected from other sources. The Company may receive the Client’s Personal Data from third-party sources, such as (i) fraud detection and prevention providers or the government watchlist that the Company would check the Client’s Personal Data to screen out the Client associated with fraud, (ii) social media or email platforms, in case the Client log-in or sign-up using the social media or email account, the Company may receive Personal Data from that service provider (e.g., the username and basic profile Personal Data) and (iii) in some cases, the Company may receive collect Personal Data from lead enhancement companies which help us to improve the Company and UpPass service offering or other advertising and marketing partners engaged by the Company to monitor, manage and measure our ad campaigns.
For the avoidance of doubt, in case the Client is the corporate entity, the Personal Data would also refer to the Personal Data of the authorized director and/or other representatives that the Client may appoint as the focal or contact person to interact and transact any action with the Company on behalf of such Client.
‘Personal Data’ of the Client’s User
With the key function of UpPass and/or the Services that is designed to provide identity verification of the end-user of each Client for various purposes (the “User”), the Company may collect, store and process certain Personal Data of the User (the “User Personal Data”) yet those process of the User Personal Data would be executed solely on the Client’ behalf and strictly compliance with the Client’s sole discretion and instruction; provided that the process of the User Personal Data shall be executed pursuant to the following terms and conditions:
The Client acknowledge and affirm the understand that the key purpose of UpPass is to offer the Client the ability to: (I) easily create simple yet highly functional website-based identity verification of the User; and (ii) to manage the identity verification process through dashboard and project management tools; provided that it is agreed and affirmed by the Client that the decision as to which and how the User Personal Data shall be processed is made solely by the Client as shown to all the customization made on UpPass and the User Personal Data shall be collected the website solely developed and operating by the Client (the “Client Platform”) that shall be connected and redirected from UpPass system.
The User Personal Data that will be collected via UpPass would include any piece of information that the Client would require the User to fill in the Client Platform, including without the limitation the full name, identity documentation, the contact information, other onboarding information and, in particular, the biometric data of the User in the form of the facial recognition.
All of the User Personal Data collected via the Client Platform may be processed further in UpPass and/or the performance of the Services. For all those processes, the Client understand and affirm that the Company serves and shall be considered as a “Processor” and not as the “Controller” (as both such capitalized terms are defined in the European Union General Data Protection Regulation (“GDPR”) and other applicable personal data protection of any jurisdiction) of such User Personal Data.
The Client controlling and operating such Client Platform shall be considered as the “Controllers” of such User Personal Data, and shall be solely and exclusively responsible for complying with all laws and regulations that may apply to the collection and control of such User Personal Data, including all privacy and data protection laws of all relevant jurisdictions. The Client shall indemnify and hold the Company harmless from all the damages, claim, compensation and other expenses that the Company may be suffering from the failure of the Client to comply with or perform the statutory obligations defined under the relevant laws and regulations for all the process of the User Personal Data on the Client Platform that use UpPass technology and/or Services.
For the avoidance of doubt, the obligations that the Client shall be obliged under the applicable laws to comply with in processing the User Personal Data by themselves and the Company in UpPass function include without limitation to: (I) the obligation to ensure data minimization; (ii) the obligation to ensure purpose limitation and to ensure all the process has the legal basis support; (iii) the notification obligation to inform the relevant User of their Personal Data processing by both the Client and UpPass and/or obtain prior consent for the process of the biometric data of the User that is categorized as the special category of the Personal Data; (iv) obligation to assure the security, confidentiality, integrity, availability and authorized usage of User Personal Data; (v) obligation to provide any required data subject rights; and (vi) obligation to monitor and report the relevant Personal Data breach that may be incurred or triggered during the process.
Purposes for Personal Data Processing
The Company would need to Personal Data of the Client for the following purposes:
To perform the Company’s contractual obligations as defined under the Terms and Conditions, the Company would need to process the Client’s Personal Data in: (i) verifying the Client’s identity; (ii) tracking and recording the relevant transaction and/or order that the Client has executed and transacted; (iii) effectuating those transactions pursuant to the Client’s order and instruction, in particular in displaying and completing the Client Platform and providing the relevant managerial services of the identity verification process through dashboard and project management to the Client; (iv) providing the Client with ongoing customer assistance and technical support or professional assistance upon the Client’s request.
To comply with any applicable laws and regulations that the Company shall be obliged to perform or comply with under any jurisdiction where UpPass and the Services shall be used.
To support the Company's legitimate interest and business purposes, the Company would need to process the Client Personal Data and to some extent the User Personal Data for the particular purpose as follows; provided that the Company shall ensure that each process shall be conducted in a way that is proportionate and that respects the privacy rights of the relevant data subject:
To further develop, customize, expand and improve UpPass function and/or Services, based on the Client’s common or personal preference, experiences and difficulties;
To help the Company to update, expand and analyze the Client records to identify new customers;
To create aggregated statistical data and other aggregated and/or inferred information, which the Company and/or the affiliates may use to provide and improve UpPass respective services;
To enhance UpPass data security and fraud prevention capabilities;
To enhance and strengthen UpPass capability in machine learning process to record and verify facial recognition information and/or the OCR;
To assist the Company in the legal proceedings that the Company and/or the Client may have in any jurisdiction.
Disclosure of Personal Data
In general, the Company commits not to disclose Client Personal Data to any third party, except to the following persons in the following manners and instances:
Third party service providers: that the Company may engage in providing the services that may be necessary to the Company, including without limitation to the technology and IT service providers, payment service provider, external auditor, specialized consultants in financial and legal fields, tax, governance, analysis, research, or other services; provided that the Company commits to implement the appropriate measures to protect the security of the Personal Data and limit the scope of disclosure and access to such Personal Data only on a necessary basis.
Law Enforcement, Legal Requests and Duties: The Company may disclose or otherwise allow access to any categories of the Personal Data described in this Notice pursuant to a legal request, such as a subpoena, legal proceedings, search warrant or court order, or in compliance with applicable laws, if the Company have a good faith belief that those laws require the Company to do so, with or without notice to the Client.
In connection with a change in corporate control: In addition, should the Company or any of its affiliates undergo any change in control, including by means of merger, acquisition or purchase of substantially all of its assets, the Personal Data may be shared with the parties involved in such event.
The Client’s Third-Party Services: UpPass enable the Client, through different techniques, to engage and procure various third-party services, products and tools for enhancing the Client Platform (the “Third-Party Services”). If the Client choose to engage with such Third-Party Services, those Third-Party Services providers may have access to and process Personal Data of the Client and/or the User collected through the Client Platform and/or UpPass. In such circumstance, the Company merely act as an intermediary platform that discloses information to the Third-Party Services on the Client’s behalf and only upon the Client’s direction. The Company, therefore, is not, and shall not be, in any way responsible for such Third-Party Services processing of such Personal Data, or liable with respect thereto.
It should be noted that Cookies that are used on UpPass should be divided into 2 types: (i) first-party cookies, referring to Cookies placed by the Company directly; and (ii) third-party cookies, referring to Cookies placed and used by third-party companies; provided that there would be not shared access of the Cookies data between us and the third-party companies.
The Cookies used on UpPass fall into one of the four categories:
Strictly Necessary Cookies: first-party cookies that are critical for the operation of UpPass website and function (i.e., to verify the Client’s identity);
Functionality Cookies: third-party cookies with the function of recording the Client’s preference setting (i.e., user account information, language, font and display functions) that would assist the Company in customizing the UpPass display that match for each individual Client as previously set;
Performance Cookies: third-party cookies with the function of assessing the performance of each component of UpPass website; and
Advertising Cookies: third-party cookies with the function of recommending the products and services that may be of the Client’s interests.
Client’s Personal Data. The Company may retain Client’s Personal Data for as long as the User Account on UpPass (as defined under the Terms and Conditions) is active or as otherwise needed to provide the Client with our Services.
User Personal Data. The Company may retain the User Personal Data for so long as the data retention period as defined and instructed by the relevant Client that may range from a period of 1 day, 7 days, 30 days, 90 days, 180 days, 365 days, or any period by on-demand basis; provided that the Client shall also be entitled, at their sole discretion, any time log-in to the respective User Account on UpPass to manually delete the User Personal Data one by one.
Subject to UpPass User Personal Data Retention Policy, the Company may continue to retain the Personal Data (both of the Client and/or the User, as applicable) after the Client deactivate the User Account and/or cease to use any particular Services, as reasonably necessary to comply with the Company’s legal obligations, to resolve disputes regarding our Clients or their Users, prevent fraud and abuse, enforce our agreements and/or protect our legitimate interests as defined in the purpose section.
Company’s Representations to keep the Information Security of the Personal Data
The Company has implemented security measures designed to protect the Personal Information that the Client share with us, including physical, electronic and procedural measures in order to prevent unauthorized access, use, amendment, or disclosure of those Personal Data and the Company commit to review the information security measures from time to time in order to ensure the compliance with the best industry practice and changes relevant laws.
Regardless of the measures and efforts taken by the Company, we cannot and do not guarantee the absolute protection and security of the Personal Information (both of the Client and the User) or any other information the Client upload, publish or otherwise share with the Company, in particular on the Client Platform. The Company encourages the Client to set strong passwords for User Account and Client Platform, and avoid providing the Company with any sensitive Personal Information of which the Client believes its disclosure could cause the Client substantial or irreparable harm.
Data subject’s right
The Company respects the Client’s statutory rights as the data subject under different jurisdiction where UpPass and/or the Client’s Platform would be operating. Those statutory rights include the following rights: right to withdraw consent; right to request for access or copy of the Personal Data; right to revise or rectify the Personal Data; right to request for data portability; right to object to any process of the Personal Data; right to request for deletion or de-identification of the Personal Data once there is no further necessity; right to request for the suspension of the Personal Data processing; or right to complaint.
Questions and complaints
The Company takes every privacy complaint seriously and will make all reasonable efforts to resolve the Client’s complaint promptly and in accordance with applicable law. If the Client have any questions or concerns about the Company’s collection, use or disclosure of Personal Data or if the Client believe that the Company have not complied with this Notice or applicable data protection laws, please contact us and then the Company will investigate the complaint and determine whether a breach has occurred and what action, if any, to take.
If the Client has any questions about this Notice or wish to exercise any of the statutory rights as described, please contact the Company [email protected].
The Company commits to put our best effort in resolving any complaints regarding the use of the Personal Information in accordance with this Notice and the relevant applicable laws.