Our data processing privacy policy

TrustID Privacy Policy

(Last updated: 27/05/2022)

Our contact details

Name: TrustID Limited
Address: 9 Greyfriars Road, Reading, RG1 1NU
Phone Number: 0118 466 0822
E-mail: info@trustid.co.uk
Data Protection Email: dpo@trustid.co.uk
Our data protection officer (DPO): URM Consulting Ltd, Blake House, Manor Park, Manor Farm Road, Reading, Berkshire RG2 0JH

The type of personal information we collect

We need to collect a range of information to provide our identity document checking services to our customers. For the purposes of the General Data Protection Regulation as incorporated into UK law by the Data Protection Act 2018 (GDPR), our customers are the controllers of your information and we are processors of that data. The information we need to collect depends on the service that is provided to the customer. The basis of each check is the image of an identity document, and we check this is genuine either as a service in itself, or then use to perform follow-on checks. For example, some customers will also ask us to perform a facial match assessment, where we check that the image in an identity document matches a selfie provided by the holder. We may also be asked to perform an address verification check, and to do so we will check whether there are records of the identity document holder living at a specified address.

We therefore may process the following information depending on the service being accessed:

  • Contact information
    • Name
    • Email address
    • Job title
    • Street address
  • General identifiers
    • Sex
    • Date of birth
    • Nationality
    • Passport number
    • Driving license number
    • Identity card number
  • HR information
    • Potential employer
  • Credit and anti-fraud
    • PEP and Sanctions information

How we get the personal information and why we have it

TrustID customers will either pass your information to TrustID for the purposes they have agreed with you, or they will send you a link to enable you to upload your information to TrustID directly. We use the information that you have given us or the TrustID customer to perform the checks the TrustID customer has contracted us to perform.

TrustID may then process the information for one of the following reasons:

  • Right to work checks
  • Right to rent checks
  • Right to study checks
  • Customer screening
  • Address verification
  • Politically Exposed Person (PEP) & Sanction checks

We also receive personal information indirectly, from the following sources in the following scenarios:

  • • For Know Your Customer checks, TrustID sends your data to a third party, TruNarrative, to perform address verification and PEP & Sanctions checks.

We will share this information with the TrustID customer, TruNarrative and other third-party processors (such as Acuant and ReadID, and our data centre provider Iomart) necessary to carry out the data processing.

Regardless of data origin, TrustID will perform the required checks and communicate the results back to the TrustID customer only. The customer then decides whether they want to proceed with your application.

Under the GDPR, we rely on Article 6.1b “Contractual Obligation” as the lawful basis for processing this information.

How we store your personal information

Your information is securely stored in the United Kingdom.

We keep the information you provide for as long as we are contractually obliged to by the TrustID customer. After this point your information is permanently and irretrievably deleted. The default retention period is 7 days, although the data can be deleted manually prior to this point if no longer required by the TrustID customer. The TrustID customer may extend the retention period so Data Subjects should contact the TrustID customer (i.e. the organisation requesting the checks on your data) directly to confirm the retention period, because they are the controllers of your data.

Your data protection rights

Under data protection law, you have rights including right of access, right to rectification, right to erasure, right to restriction of processing, right to object to processing and right to data portability. If you would like to access a copy of, delete or otherwise exercise control over your personal information, contact TrustID using the details below. Please be aware that for most requests, TrustID will need to notify the TrustID customer as it is likely that the customer not TrustID will need to fulfil the request. This is necessary where TrustID is acting on the customer’s behalf.

You are not required to pay any charge for exercising your rights. If you make a request, the controller has one month to respond to you.

Please email dpo@trustid.co.uk or write to us at TrustID Ltd, 9 Greyfriars Road, Reading, Berkshire, United Kingdom, RG1 1NU if you wish to make a request.

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us at dpo@trustid.co.uk.
You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk

Version number and updates

This is Version 2 of this privacy notice and is dated 27 May 2022. We keep this privacy notice under review and update it as necessary. Please visit TrustID’s website regularly to check whether any updates to this notice have been issued.

 

 

What being ISO27001 certified means

Our ISO 27001 accredited certification lets you know that we follow information security best practice, helping to eliminate or minimise the risk of a security breach, keep information secure and ensure compliance with data protection regulations.

ISO logo