2.1 “Personal Information” is the term for “Personal Data” as defined in the GDPR. It means any information that can identify you either directly or indirectly (i.e. by reference to other information we have access to).
2.2. “Data Subject” is the individual who is the subject of Personal Information.
2.3. The term “processing” is used in this policy as defined in the GDPR. It includes collection, storage, and all of the ways we use Personal Information when we provide the Services to you. Services are as defined in Keytracks Terms of Service policy on https://Keytrack.me/terms-of-service
2.4. “Data Controller” means the entity which determines the purposes and means of the processing of Personal Information and who authorises to give Keytrack Personal Data processing instructions. And “Data Processor” means the entity which processes Personal Information on behalf of the Data Controller.
2.5. Keytrack may collect, store and use the following kinds of Personal Information that you provide to us:
- information that you provide when registering to use our services or completing your profile on our website (including but not limited to your name, address, phone number, company name, company address, company email, company phone number and profile picture/logo);
- information that you provide to us when using our services, or that is generated in the course of the use of those services (including personal documents, files, informational content, and the meta data associated with the content);
- any other Personal Information that you choose to send to us in use of Keytrack’s services.
2.6. We may collect store and use the following kinds of Personal Information automatically when you use the Services:
2.6. Keytrack processes Personal Information on behalf of the Data Controller. This information varies depending on the Keytrack application and the Data Controller in question, but may include such information as:
2.6.1. Name, physical address, email address, telephone number, social security number, driver’s license number, state or national ID card number, passport number, other ID card number, date of birth.
2.6.2. Payment information is processed by an external payment provider.
2.6.3. Keytrack, through a third-party identity verification provider, and depending on the service selected by the Data Controller (on consent of the Data Subject), collects and processes Personal Data for the purpose of identification verification, confirmation and client due diligence. This is a service requested by Customers, Data Controllers and consented to by Data Subjects. Keytrack will provide this service to Cutomers through it’s solution “Keytrust” which utilises a third-party verification provider to visually scan photographed images of the Data Subject’s face and/or identification card, driver’s license, passport, utility bill, bank account statement, insurance card, or other requested identity document. Images may include your photograph, and other information from the imaged document, such as your eye colour, weight, height, and organ donor status.
2.6.4 the Personal Data is processed via automated reading, verification of the authenticity and other automated processing of photos and scanned copies of documents and with further checks against the data in multiple databases, including inter alia International politically exposed persons (PEPs) and Sanctions, Country Specific Sanctions Lists, Criminal Lists, Financial Lists and regulatory managed databases. Once the Personal Data has been processed by Keytrack’s third-party identity verification provider and securely retrieved by Keytrack, all metadata and cached information related to the Personal Data is then erased off the third-party’s servers. Once the Personal Data is not any more necessary for the purposes of applicable compliance rules, Keytrack shall erase the data completely off its servers without leaving any backup copies or, based on the same condition, transfer the data to the relevant Controller.
2.7. The Data Controller retains control of the Personal Information and remains responsible for its compliance obligations under the applicable Data Protection Legislation, including providing any required notices and obtaining any required consents, and for the processing instructions it gives to Keytrack.
2.8. Before the Data Controller discloses to Keytrack the Personal Information of another person, the Data Controller must obtain that Data Subject’s consent to both the disclosure and the processing of that Personal Information in accordance with the terms of this policy, with respect to Keytrack’s Terms of Service and on acceptance by the Data Subject to Keytrack’s Consent to Personal Data Processing.
2.8.1. This includes any content contained in the data subject’s documents or files. In respect of that content, Keytrack will act as a processor of the Personal Information and process and use it only in accordance with your instructions.