Privacy Policy

This policy was last updated on 18th September 2023.

Verificient Technologies Inc. (“Verificient”, “Company” or “we” or “us” and/or “our”) takes the privacy of all its stakeholders seriously. As such, we have set forth the following privacy policy:

Welcome to Verificient’s Platform (“Platform”) which provides identity verification, security and monitoring services. This privacy policy (the “Policy”) outlines the policy adopted by Verificient, relative to the collection, use, storage, and disclosure of personal information on the site and on all related websites (together “Sites”), networks, applications, and other services provided by us, including the Platform (collectively called as  “Services”). Through this policy, we attempt to make information about how we handle personal information available with us.

Unless your ‘Organization’ has arranged separate terms and provided you those terms in writing, or you have been provided different terms in writing by us, the terms of this policy apply to you and your relationship with us. Please take the time to familiarize yourself with this Policy and if you have any questions, please contact us at privacy@verificient.com. This policy is incorporated into and is subject to our Terms of Service.

Definitions:

Client or ‘Organization’ or RemoteDesk Sponsor – the subscriber of RemoteDesk SaaS services  which may require or recommend the use of RemoteDesk within its ‘Organization’.

Data Controller – The ‘Organization’ which requires data collection of its employees to operate RemoteDesk. The requirements needed for the ‘Organization’ to deliver a high level of remote workplace integrity is dictated by the ‘Organization’, and often federally mandated by Federal Compliance Regulation (ex. PCI, HIPAA, etc) and/or is required by the Organizations work from home policies.  

Data Processor – Verificient and its product (RemoteDesk) acts as a processor of data for the ‘Organization’ or Data Controller. The processing includes identity verification of employees and anomaly detection using AI to ensure federal compliance policy and/or work from home policy as outlined by the ‘Organization’ or Data Controller meets Organization requirements. Verificient temporarily stores the data in encrypted Data Cloud Storage facilities for a Data Retention period requested and configurable based on Organization requirements (default 7 days) and destroys / purges the data thereafter.

Services We Provide 

We provide Services on behalf of the Client. They may be an Organization of which you are an Employee or a Member (in any form, including but not limited to a User of their services). Data Controllers are ‘Organizations’ or Companies that offer and control any data we collect as a result of an express  Work Compliance Monitoring and Data Protection Agreement with them. We collect and/or receive personal information about you in order to comply with  workplace or federal compliance policies as required by the ‘Organization’.  “Personal Information” is any information, such as name or email address, that identifies or can be used to identify the person to whom such information pertains, or is associated with a person. While providing Personal Information is voluntary, it is necessary if you are to obtain the service, or credential that you seek from the Organization. We handle and treat the Personal Information collected or received while  providing our Services in a manner that is consistent, first and foremost, with any binding agreement we have with our Clients. In the absence of a binding agreement, we will handle and treat your Personal Information in a manner that is consistent with this Policy and the applicable law.

This Policy describes how we collect, use, store, and share information about you in connection with your use of the Services.

Information We Collect 

Personal Information that you provide through the Services: We collect Personal Information (as per the requirements set by your Organization after receiving consent from you, the  user, such as when you:

  • Register for and/or login to the Platform; request customer support, a demo, or more information; 
  • Communicate with us via email, our website  or social media sites; 
  • Provide biometric data, including as part of onboarding to the Services, to create your baseline profile.

 

Personal Information collected through our Services may include the following:

  • Name
  • Employee ID card (based on Organization requirement).
  • Name of the Organization
  • E-mail Address
  • Screen Captures / Desktop Screenshots (based on Organization’s requirement and configuration)
  • Video recordings or image snapshots from webcam (based on Organization’s requirement and configuration )  
  • DeskScan (based on Organization requirement and configurations)
  • Biometric data : Face scan, which may be considered as biometric information under certain regulatory regimes
  • Hardware and software details (background process list, system configuration information,  etc)

 

Please be assured that the actual data collected is limited to the agreed categories (out of the above) with your Organization as per their requirements and configurations. You may check with your Organization’s Privacy Officer for details.

Information Provided to us by your Organization to enable our Services may include the following:  

  • First and Last Name
  • Email Address
  • Company ID Number
  • Allowed IP address(es)

 

We may collect information about you from your Organization such as your email address, to provide you a registration link to our Services. This information may also be combined with the Personal Information collected from you. 

Information which may be required but is not stored: Depending on the configuration of the Services by the the Organization, you may be required to provide the following information, which is not stored on our System: 

  • Keystroke/mouse analytics:  We do not collect and store Keystroke Data but we may collect the number and timing of keystroke events or other connected I/O device events. We may also detect and restrict certain keystrokes to facilitate the workplace compliance requirements. 

 

Cookies and Other Tracking Technologies: 

  • We use various technologies to collect information, including cookies. A cookie is a small file placed onto your device. Across the web, cookies do lots of different jobs, like letting you navigate between pages efficiently, storing your preferences, and generally improving your experience on a website. Cookies make the interaction between you and the website faster and easier. If a website does not use cookies, it will think you are a new visitor every time you move to a new page on the site – for example, when you enter your login details and move to another page it will not recognize you, and it will not be able to keep you logged in.
  • Our Services use cookies and similar technologies, such as web beacons, to identify your device and enable the functioning of our features, including the ability to log into your account, authentication, security, preferences retention, performance optimization and data analytics.
  • If you do not want to receive cookies, you can change your browser settings. If you use our Services without changing your browser settings, we will assume that you’ve agreed to receive all cookies on the Company websites. Please note that our Services will not function properly without cookies.
  • Our Services may use two types of cookies, session and persistent. A session cookie expires after a set time, normally when you close your web browser. A persistent cookie remains after you close your web browser and may be used on subsequent visits to our Services to enable us to recognize you as an existing user.
  • We record certain information and store it in log files when you interact with our Services. This information may include IP address, browser information, device information, internet service provider, operating system, date/time stamp, and other system configuration information. We and our analytics providers also collect and store analytics information when you use our Services to help us improve our Services.


External Websites and Third Parties 

From time to time, our Services may contain links to third party websites for providing support. The policies and procedures we describe in this Policy do not apply to the third party websites. The links from our Services do not imply that the Company endorses or has reviewed the third party websites. We suggest contacting those sites directly for information on their privacy policies before providing any of your personal information to them.

GCP (Google) is our cloud service provider. All the Data stored on the cloud servers is encrypted.

How We Use Your Personal Information 

Verificient does not share or sell any information (including user data) to third parties. 

We use your Personal Information generally as a Data processor on behalf of your ‘Organization’ to provide, improve, and develop our Services as per their specific requirements.  We do not use your Personal Information for any purpose other than delivering what is required by your ‘Organization’.  For instance, we use your Personal Information to register you for our services , answer any Tech Support questions or concerns you may have. We may also use your Personal Information to contact you about Scheduling, Technical, Security or other remote monitoring and work compliance related issues or to contact you for other administrative purposes, such as customer service. We use biometric data that we collect from you during onboarding to create your baseline profile for the Services and for confirming your identity when you log on to our services.

To Whom We Disclose Your Personal Information 

When you onboard to use our Services, we provide your Personal Information to your ‘Organization’ to enable them to validate your identity. For further information about how your Organization may use your Personal Information, please contact your Organization’s Privacy Officer.

We may also disclose your Personal Information in the following situations:

  • When we believe it is reasonably necessary to comply with laws and regulations, or in response to a subpoena, court order, or other legal processes.
  • To protect against misuse or unauthorized use of our Services, or to protect the security or integrity of our Services or any facilities or equipment used to make our Services available.
  • To limit our legal liability and protect our property or other legal rights, or the rights of our Remote Desk service availing clients and ‘Organization’.
  • To address actual or suspected fraud or other illegal activities.
  • In the case of any merger, sale, acquisition, bankruptcy, liquidation, or other transfer of assets involving the company, any of your personal information which remains on the company’s servers at that time, may be transferred to and / or managed by the acquiring company or entity.

 

We may also seek your consent for additional disclosures of information, including your Personal Information, and will share it only as described to you.

Data Security 

We take the security of your Personal Information seriously. We employ industry standard practices to protect your Personal Information in accordance with this Policy and applicable law. However, you should be aware that we do not control the security of your own equipment or your own network connection and therefore any information you transmit to us through the equipment or internet connection you use, you transmit at your own risk.

Data Integrity 

We take reasonable steps to ensure that the data we collect is reliable for its intended use. However, it is your responsibility to update us with any relevant changes in your Personal Information so that we can provide you with our Services. We collect Personal Information that is relevant for the purposes for which it is to be used. Furthermore, we take reasonable steps to ensure that we process Personal Information in a way that is consistent with the purposes for which it is collected.

Data Retention and Deletion

By default, data collected for remote desk monitoring  (including biometric data) are held for up to seven (7) days after submission and your baseline profile and data collected for identity verification purposes (including the biometric data we use to create your baseline profile) is retained based on your Organization’s requirement and configuration from the time the baseline is created on our Platform.

The ‘Organization has the capability to configure a custom Data Retention Period as per their requirements, which shall always take precedence over our default Data Retention period. 

After the applicable retention period, we will automatically purge (delete) your Personal Information from the Platform and our systems  and maintain only the minimal amount of data required for use of our services  and necessary business purposes and legal compliance –  which in most cases means the bare minimum, non-identifiable data, stored in an anonymised form to show certain session details such as the date, time, duration, and volume of sessions that took place. After the retention period, only your  ‘Organization’ has your data if they have exported from our system and retained it.

As explained above, we provide our Services as a Data Processor on behalf of your ‘Organization’ who have the right to receive your data. We do not control what your ‘Organization’ does with your data. Your ‘Organization’  has their own policies with respect to data retention and deletion. For further information on such policies, to revoke consent related to biometric data, or to request deletion of any Personal Information outside of the retention policies described above, please contact your Organization’s Privacy Officer.

Please be aware: for any Data Deletion or Data Editing or Data Information or exercising any of your rights with regards to the Data should be  directed to the Privacy Officer or Officer of your ‘Organization’, who is the Data Controller.

The Choices You Have With Your Information 

Right to Know – Decisions regarding any request you make about your personal information data generally rest with your ‘Organization’ as the Data Controller for whom Verificient is a Data Processor as they by law, will generally have to approve any such request. 

Most of the time you would not be creating an account with us, rather you would be using single-sign-on via your ‘Organization’. However, if you created an account directly with us in connection with your use of the Services, you may modify or update some of your Personal Information by logging in and accessing your profile. You should be aware, however, that it is not always possible to completely remove or modify information in our databases. If you wish to access or modify any other Personal Information that we hold about you, you may contact your Organization’’s Privacy Officer who will forward your request to us for further action. If you have not created an account with us in connection with your use of the Services and wish to access or modify any Personal Information that we hold about you, we may ask you for some Personal Information in order to verify your identity and your rights to the data, subject to your request.

Verificient gives its users whose information we receive under the EU-U.S Data Privacy Framework (DPF), the right to restrict the onward processing of their personal data and data portability, subject to certain limitations and exceptions as defined by the ‘Organization’. Any request related to change in use of the services, onward data processing, data portability, etc. should be directed to your Organization’s Privacy Officer. If for some reason, you are not able to contact your Organization’s Privacy Officer then you may contact us at privacy@verificient.com or raise a ticket request at https://www.remotedesk.com/support

International Users and International Data Transfer 

In order to provide the Services, here is how we manage your Personal Information data:

Data collected for your Organization located in Canada is stored within the Canada region.  Data collected for your ‘Organization’  located in the EU is stored within the EU region. Other data by default is stored in the United States. In case of Multi tenant SaaS solution, data will be stored in the US and in case of a Single tenant client, data is stored as per the requirement of the ‘Organization’.  Also, we may allow access to your data to other countries or regions in connection with the processing of data, fulfilling Organization’s requirements and for providing you the required Services.  We make such access available only to our own Employees or Authorized Users (as defined by the ‘Organization’), as necessary to provide you the Services. 

In the case of any such transfer or access, the personal information is subject to the law of the jurisdiction in which it is used or stored, including any law permitting or requiring disclosure of the information to the Government, Government Agencies, Courts and Law Enforcement in that jurisdiction. By providing your information on or to the Services, you consent to any such storage, transfer and processing in accordance with this Policy and applicable law. 

Representation for Data Subjects in the  EU and UK

We value your privacy and your rights as a data subject and have therefore appointed a EU & UK  Privacy Representative as our point of contact.

Our EU & UK  Privacy Representative provides you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative or make use of your data subject rights, please visit : EU & UK  privacy representative. 

It may however be quicker to exercise your privacy rights by contacting the Data Privacy Officer of your ‘Organization’ or the Remote Desk Sponsor.

Verificient Technologies Inc. adheres to the EU-U.S Data Privacy Framework Program (DPF) and Swiss-U.S. Data Privacy Framework Principles.

Note: Verificient adheres to EU General Data Protection Regulation (“GDPR“). Refer to our GDPR page for more information.

It may however be quicker to exercise your privacy rights by contacting the data privacy officer of your sponsor institution Verificient Technologies complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Verificient Technologies has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Verificient Technologies has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Verificient Technologies Inc. is subject to the jurisdiction and enforcement authority of the US Federal Trade Commission (FTC).

In compliance with the EU-U.S Data Privacy Framework Principles, Verificient Technologies Inc. commits to resolve complaints about our collection or use of your personal information. EU, UK, and Swiss individuals with inquiries or complaints regarding our EU-U.S Data Privacy Framework policy should first contact Verificient Technologies Inc. at: privacy@verificient.com, or contact our Support team at : support@remotedesk.com, or chat with us via the chat window on our website – www.remotedesk.com.

Verificient Technologies Inc. has further committed to refer unresolved privacy complaints under the Data Privacy Framework Principles to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.

If your  Data Privacy Framework complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms.  See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2

We acknowledge the right of EU, UK, and Swiss individuals to access their personal data. EU, UK, and Swiss individuals wishing to view or correct personal data may do so by following the instructions in this privacy policy found in “The Choice You Have With Your Information” section. Furthermore, said individuals also have the right to request deletion of data that has been handled in violation of the DPF Principles.

Verificient Technologies Inc. may be required to release the personal data of EU and Swiss individuals in response to lawful requests from public authorities including to meet national security and law enforcement requirements.

Verificient Technologies Inc. is liable for the onward transfer of personal data of EU and Swiss individuals to Agent Third Parties unless it can be proven that we were not responsible for the actions giving rise to the damages.

You can view the complete Terms of Service here.

Your California privacy rights

This section provides additional details about the personal information we collect about California consumers and the rights afforded to them under the  California Privacy Rights Act ‘CPRA’ which works as an addendum to the California Consumer Privacy Act or ‘CCPA’.

For more details about the personal information we have collected over the last 12 months, including the categories of sources of personal information collected, please see the “Information We Collect” section above. We collect this information for the business and commercial purposes described in the “How We Use Your Personal Information”  section above. We share this information with the categories of third parties described in the “To Whom We Disclose Your Personal Information”  section above. Verificient does not sell the personal information we collect. Please note that we do use third-party cookies due to the technology of how Remote Desk is integrated with the platforms utilized by the Remote Desk Sponsor and for continuous use of the App (Desktop app, mobile app or browser plugin/extension app) and for purposes as further described in our “Cookies and Other Tracking Technologies” section above. 

Subject to certain limitations, the CPRA provides California consumers the right to request to know more details about the categories or specific pieces of personal information we collect (including how we use and disclose this information), the ‘Right to request deletion’ of their personal information should be directed to the Remote Desk sponsor. The CPRA also provides the ‘Right to opt out’ of any onward sharing of their personal information that may be occurring and the ‘Right to not be discriminated against’ for exercising these rights subject to certain limitations as specified by CPRA.

California consumers may make a request pursuant to their rights under the CPRA by contacting the Remote Desk Sponsor Privacy Officer, or if for any reason you cannot contact your Remote Desk Sponsor Privacy Officer, you  may contact us at privacy@verificient.com or may create a ticket request on https://www.remotedesk.com/support. We will verify your request using the information associated with your account along with the steps within our identifying process, including email address with the assistance of the Remote Desk Sponsor. Government identification may be required. 

Information from Children 

Parental consent is required for use of the Services under the age of 13. We do not knowingly collect, maintain, or use personally identifiable information from children under the age of 13. We request that all visitors to our Sites who are under 13 years of age not disclose or provide any Personal Information. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children never to provide Personal Information on our Services without their permission. If we discover that a child under 13 years of age has provided us with Personal Information, we will take steps to delete such information.

Changes to this policy 

Company reserves the right to change this Policy from time to time by posting an updated Policy to this site and the “Last Updated Date” at the top of this page will be updated. We may also provide you additional notice, such as adding a statement to the Home Screen or sending you an email notification. Please review this Policy periodically and especially before you provide any Personal Information. Your continued use of the Services after any changes or revisions to this Policy shall indicate your agreement with the terms of such revised Policy. The prior version of this policy can be found here.

Our Contact Information 

Please contact us with any questions or comments you may have about this Policy, your information, our use and disclosure practices, or our Services by email at privacy@verificient.com.