SmartSearch’s Privacy Notice – last updated 7^th July 2023

This Privacy Notice provides information about how we collect, use, store, process and share any personal data we collect from or about you. Please read this Privacy Notice carefully to understand how we treat your personal data, when you are using our website or our online services.

Corporate information of the SmartSearch Group

We are the SmartSearch Group (referred to as “we, “us”, “our” or “SmartSearch”):

• SmartCredit Limited (company number 05534508), a company registered in England at Mayfield House Lower Railway Road Ilkley LS29 8FL; or

• SmartSearch BV (company number 862372720) a company registered in the Netherlands at , or

• SmartSearch US, Inc (company number 803373572) a company registered in Delaware, United States.

 

What does the SmartSearch Group do?

SmartSearch provides anti-money laundering and identity verification solutions to companies who are SmartSearch’s customers (“Company”).  Our services allow our customers via our web based platform to do business with their clients who may be individuals (“you” or “End User”) or companies and assist them in facilitating identity verification and anti money laundering documentation checks (“Verification Checks”).

In performing the Verification Checks, the Company will ask you for certain information in order for us to carry out the Verification Checks. This information will be shared with third party data providers (“Data Providers”) who will use it to prevent fraud and anti money laundering and verify your identity or documentation. We will then send a report detailing the results of the Verification Checks with the Company who will make a decision on how to proceed with you. For more information on how that Company will use and store your personal data please refer to the Company’s privacy notice.

 

SmartSearch’s commitment to data privacy

SmartSearch has implemented appropriate technical and organisational security measures in order to meet our commitment to protecting and respecting the personal data and privacy of individuals (referred to as “you”, “your” or “End User”). We are committed to our privacy obligations under the EU General Data Protection Regulation, UK GDPR, US Privacy laws and related privacy rules (“Data Protection Laws”). We are the data controller as defined by UK GDPR.

This Privacy Notice explains the following:

• 1. Who are we and how can you contact us?

• 2. What kinds of personal data do we collect, and how?

• 3. SmartDoc NFC

• 4. What do we use personal data for?

• 5. What are our legal grounds for handling your personal data?

• 6. Who do we share your personal data with?

• 7. Where in the world is the personal data sent and stored?

• 8. For how long is my personal data retained?

• 9. Do we make automatic decisions about you or profile you using your personal data?

• 10. What rights do you have in relation to the personal data we hold about you?

• 11. Who can you complain to if you are unhappy about the use of your personal data?

• 12. Changes to this Privacy Notice

Our website and online services are not intended for children and we do not knowingly collect data relating to children.

1. HOW CAN YOU CONTACT US?

You can contact us about issues relating to your personal data, including the contents of this notice, by any of the following methods:

Post:  F.A.O Data Protection Officer at either;

• SmartCredit Limited, Mayfield House, Lower Railway Road, Ilkley, LS29 8FL; OR

• SmartSearch BV,  Strawinskylaan 1457,  1077XX Amsterdam, The Netherlands; OR

• SmartSearch US Inc, 3300 North Triumph Boulevard, 1st Floor, Lehi, UT 84043.USA

Email:  dpo@smartsearch.com

Telephone: 0113 238 7660; or +1 855 933 6265 or +31203082329

2. WHAT KINDS OF PERSONAL DATA DO WE COLLECT, AND HOW?

We collect personal data about you from your interactions with us, e.g. filling forms on the site or by corresponding with us (for example by email or chat) and from certain third parties and other sources (such as from publicly available sources where permissible). We have set out below the types of personal data we will collect:

If you are a website user:

• Name and contact details; such as first and last name, email address, postal address, phone number and other similar contact data

• IP address

• Information about the device you are using to access our websites; such as the type of device, its operating system type, device ID, browser, and what cookies are on it

• Information about your use of our websites; such as what pages you have visited and what content you have downloaded

• If you are an End User:

• Name and contact details; such as first and last name, email address, postal address, phone number

• Personal identification numbers; such as your social security number or national insurance number.

• Family circumstances information; your marital status and dependants if you are a PEP or a close associate of a PEP.

• Employment or role details; for example the organisation you work for, public roles (including political, diplomatic, religious, judicial, military and trade union roles), your job title and education history.

• Professional and personal affiliations; organisations and individuals that you may be associated with in your professional or personal capacity.

• Financial information relevant to understanding your income or wealth; for example bank accounts, bankruptcy or insolvency fillings.

• Your inclusion (if any) on sanctions lists or on public lists of disqualified directors or other positions of responsibility.

• Public domain data about actual or alleged money laundering or terrorist financing crime.

• Information about our dealings with you; such as what information we have sent you, who in our organisation knows you, and what meetings, events or webinars you have attended. It also includes your behaviour in response to our interactions with you, such as whether you have opened our emails, clicked on a link or watched a video.

• Information including digital content uploaded via secure link that has been sent to you by the Company, photos (selfies and liveness checks for ID verification), documents (for document verification such as passports, driving licence, national ID card or residence permits).

We may also receive information about you from third party service providers such as credit reference agencies, fraud detection agencies and registration or stockbroking industry exchanges. We may also receive personal data from third party social media services such as Google, LinkedIn and Facebook, or other commercially available sources. We do not control the information on you that such networks obtain, or the technology they use to do so. We may also record calls with you for quality and training purposes.

Some of the personal data we may collect about you may be special category data, as defined in the Data Protection Laws. We will only collect and use this information if the Verification Check requires it and the Data Protection Laws allow us to do so and will take extra care with this data. We generally process special category data for reasons of substantial public interest on the basis of applicable law. Special categories of data reveal information about:

• Physical and mental health;

• Sexual orientation;

• Racial or ethnic origin;

• Political opinions;

• Religious and/or philosophical beliefs;

• Trade union memberships;

• Criminal convictions and offences;

• Genetic and biometric data;

• Health data including gender.

• The Company may request us to carry out the following Verification Checks, therefore the data that will be requested from you will depend upon the Verification Check we are asked to perform:

• ID verification

• Documentation verification (which may include NFC)

• Mortality check

• International PEP check

• International sanctions check

• Ultimate beneficial owner check

• Source of Funds

Cookies

We use cookies and other/or tracking technologies to distinguish from other users of our sites and to remember your preferences. This help us to provide you with an optimum user experience when you browse our site and allows us to improve our site on an ongoing basis. For detailed information on the cookies we use, the purposes for which we use them and how you can exercise your choice regarding our use of your cookies, see our cookie policy.

3.         SMARTDOC NFC

You may be asked to perform a Verification Check called a SmartDoc with NFC.  This check uses biometric and facial data.  SmartSearch holds this biometric and facial data for 30 days from the date it was collected and then it is deleted. We store it for this length of time to allow the search results to be verified. We have a contract with a third party called Verifai who operates the app through which the face data is collected. They do not store or hold information after the session has ended. SmartSearch collects and stores this data in accordance with the purposes set out in clauses 4, 5 and 6 below.

 

This section explains the purposes for which we use your personal data.

Marketing

We use your personal data for marketing purposes. This includes informing you about products and services that we think may be of interest to you and providing you with related materials such as news items, whitepapers, case studies and blog posts, or in administering any prize draws that you are offered and elect to enter. We may contact you to ask you to confirm or update your choices, such as when there is a change in the law or the structure of our business. We might contact you for marketing purposes through various channels such as by email, telephone or post.

You can withdraw from marketing at any time by either using the relevant unsubscribe button in our emails, or by contacting us using the details above.

If you are an End User we will not send you any marketing communications of any kind.

Provision of services, including administration and management of our records

If you are a Company or a representative of a Company we use personal data for relationship management purposes. Relationship management is the ongoing maintenance of our relationship with you and/or your representatives. This could include activities such as letting you know about product changes or planned maintenance activity, contacting you with billing enquiries, inviting you to events and webinars, dealing with your enquiries, retaining records of your instructions and telephone calls, responding to any data rights you invoke, or asking you about what sorts of products you want us to develop.

Monitoring and improving our websites

We use information such as how you navigate around our websites, how long you spend on particular pages, whether you download any of our content (including product brochures, white papers and so on), in order to help improve the user experience of our websites. We may also use this information to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you, which can be based on your activity on our websites. We can do this ourselves or appoint an agency to do this on our behalf.

To protect our rights

We may use your personal data as we believe to be necessary or appropriate in order to protect, enforce, or defend the legal rights, safety, or property of us, our employees, agents and contractors; protect against fraud and other unlawful activity; to comply with and enforce the law or legal process; or to respond to requests from public and government authorities, to the extent permitted by applicable law.

 

5. WHAT ARE OUR LEGAL GROUNDS FOR HANDLING YOUR PERSONAL DATA?

Under the Data Protection Laws, we must have a legal basis for using your personal data.

One of the legal reasons we may rely on is when we use your personal data for our legitimate interests (this is usually when we have a business reason). However, we will always ensure that we take your interests in to consideration too, and ensure that the use is fairly balanced.

Generally, our legitimate interests will be one of the following:

Running a business         We have an interest in running and developing our business, enforcing our terms and conditions, and to ensure a safe environment for our website visitors. We also have an interest in setting up and administering your account, to provide technical and customer support and training, and to send important account, subscription and service information.

Consent              Where you have agreed to us collecting your personal data, for example you have ticked a box on a form regarding marketing emails, or where we process any special category data about you. We will only ask for your consent in relation to specific uses of personal data where we need to, and, if we need your consent, we will make it clear that we are asking for it.

Contract    Where We need to perform a contract We have with the Company,

• Meet our legal obligations, fraud prevention, anti money laundering requirements and verification checks

• Satisfy our legitimate interest in properly performing the agreement we have in place.  

Marketing           We have an interest in promoting our products and services to our clients and potential clients (Companies). We may also market to you to help you learn about products and services that might be of use to you, or where we have an interest in learning about your needs so that we may better understand what products or services could be of interest to you.

6. WHO DO WE SHARE THE INFORMATION WITH?

We may make your personal data available to third party services providers, such as contractors, agents or sponsors, who help us manage or provide our products and services. For example:

• We might use a third party email broadcasting service in order to send you marketing emails ;

• Credit reference agencies; Fraud prevention agencies who will use your personal data to prevent fraud and money-laundering and to verify your identity; our data providers are Equifax, Experian, Trans Union, Dow Jones, TrustID and Verifai. Please see their individual privacy polices that apply to your data shared with them.

• Companies who are carrying out verification Checks on You, they will also have their own privacy notices about how they process any personal data they hold about you. Please contact them for further information.

• We might use a printing company to produce and send personalised direct mail;

• Our database of personal data may be held by third parties on our behalf;

• We might use a third party to process payments and deliver subscriptions, or

• Service providers acting as processors based in England & Wales to provide IT and system based administration services.

• Hubspot, our current customer relationship management system. Please see their individual privacy polices that apply to your data shared with them.

These third party service providers are required to protect personal data entrusted to them and not use it for any other purpose than the specific service they are providing on our behalf.

In some circumstances, we may be legally required to share your personal data, for example if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.

We may also transfer your personal data to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation. At all times, we take steps to ensure your privacy rights continue to be protected as per this Privacy Notice.

 

7. WHERE IN THE WORLD IS THE INFORMATION SENT AND STORED?

Within Europe

We are based in the United Kingdom, The Netherlands and the United States will normally access and use your information from each of those locations as appropriate. We will usually store your personal data on secure servers in the relevant jurisdiction, and will seek to protect your personal data by limiting access to your personal data to those employees, agents, contractors and other third parties with a legitimate need to know and ensure that they are subject to duties of confidentiality. We also have in place procedures for dealing with data breaches (the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your personal data) including notifying you and/or the relevant data protection authority where we are legally required to do so.

If instances arise where we transfer your personal data to countries outside of the European Economic Area (“EEA”), we will take appropriate steps to ensure the personal data is afforded the same level of protection as described in this Privacy Notice. For example, we may rely on adequacy decisions or any adequate data transfer mechanisms adopted by the European Commission or a supervisory authority for transfers outside of the EEA.

 

8. FOR HOW LONG IS MY PERSONAL DATA RETAINED?

We store personal data only for as long as necessary to achieve the purposes described above and delete the data thereafter, but in any event upon expiration of the relevant statutory retention periods. We store any biometric or face data for 30 days, our providers do not store this information they only have access to it so long as the session is open.

 

9. DO WE MAKE AUTOMATIC DECISIONS ABOUT YOU OR PROFILE YOU USING YOUR PERSONAL DATA?

We use certain profiling techniques in order to help us to understand you and your needs. This in turn helps us to understand which products and services you might be interested in. We do not use automated decision-making or profiling to make any decisions about you. We do not use your data for profiling or scoring.

 

10. WHAT RIGHTS DO YOU HAVE IN RESPECT OF THE PERSONAL DATA THAT WE HOLD ABOUT YOU?

You have several different rights in relation to the personal data that we hold about you. These are briefly described below.

Right of access:

You have a right to find out what personal data we hold about you, and to a copy of any personal data processed about you. 

Right to rectification:

If you believe that the information that we hold about you is inaccurate, incomplete or out of date, you have a right to get it corrected.

Right to request deletion:

If you want us to delete your personal data, you can ask us to do so at any time. The circumstances when deletion can apply include when we no longer need it to meet a lawful basis for processing unless that basis is consent and you withdraw your consent, or you object to the processing, or the processing is unlawful. However, certain exclusions apply – where the processing is necessary for compliance with a legal obligation or to establish, exercise or defend legal claims.

Right to request restriction:

You can ask us to restrict our use of your personal data in some circumstances:  a) if you want us to establish the data’s accuracy; b) where our use of the data is unlawful but you do not want us to erase it; c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise, or defend legal claims; or d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Right to object to processing:

You may request that we stop processing information about you. Upon considering your request we will let you know if we are able to comply or if we have legitimate grounds to continue to process your data. Even after you exercise your right to object, we may continue to hold your data to comply with your other rights, or to bring or defend legal claims.

Right to withdraw consent:

This means that, if we are relying on your consent as the legal basis for using your personal data, you are free to withdraw that consent at any time.

Right to data portability:

You have the right to ask us to provide your personal data to another data controller or third party service provider. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.

Rights related to automated processing:

Where this processing produces legal effects or significantly affects you, you can object to this processing unless the processing is necessary as part of our contract or is required by law.

 

11. WHO CAN YOU COMPLAIN TO IF YOU ARE UNHAPPY ABOUT THE USE OF YOUR PERSONAL DATA?

We try to ensure that we deliver the best levels of customer service but if you are not happy you should make contact with us in the first instance so that we can investigate your concerns. Please contact us using these details:

• Post: SmartCredit Limited, Mayfield House, Lower Railway Road, Ilkley, LS29 8FL; OR

• SmartSearch BV,  Strawinskylaan 1457,  107XX Amsterdam, The Netherlands; OR

• SmartSearch US Inc, 3300 North Triumph Boulevard, 1st Floor, Lehi, UT 84043.USA

Email: dpo@smartsearch.com

Telephone: 0113 238 7660, +1 855 933 6265 or +31203082329

You also have the right to lodge a complaint with the relevant data protection authority including Information Commissioner’s Office (ICO), which is the body that regulates the handling of personal data in the United Kingdom or the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) https://autoriteitpersoonsgegevens.nl/en, in the UK you can do this online through the ICO’s website at www.ico.org.uk or by telephone on 0303 123 1113, or by writing to them at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF. In the Netherlands you can do this by writing to Dutch Data Protection Authority at Autoriteit Persoonsgegevens PO Box 93374 2509 AJ DEN HAAG The Netherlands or by telephone (+31) 70 888 85 00.

 

11. CHANGES TO THIS PRIVACY NOTICE

We review our use of your personal data regularly. In doing so, we can change what personal data we collect, how we keep it and what we do with it. As a result, we may change this Privacy Notice from time to time to keep it relevant and up to date.

Any changes will be immediately posted on our websites and we recommend that you check this page regularly to keep up to date. This Privacy Notice was last updated on 27^th June 2023.