This Privacy Policy explains to you how www.iaca.eu (‘IACA’) is committed to the responsible management, use, and protection of personal information.
It also explains how IACA uses and secures your personal data while you are using the IACA website www.iaca.eu or when you enter into a contract with IACA to provide services to your organisation.
IACA processes service users' personal data as directed by our clients for the provision of our service. Our clients are controllers who determine the purpose of Processing of Personal Data and, accordingly, IACA is a processor of user personal data with respect to those services. In other cases, IACA is a controller of user personal data (e.g. users of IACA's web page).
IACA takes the protection and security of your personal data very seriously, and this policy sets out our responsibilities under the General Data Protection Regulation (‘GDPR’) and other applicable laws/regulations in the European Economic Area (EEA) relating to the processing and security of personal data.
The website technology, website management, API and timestamp interfaces for obtaining the ‘date and time certain’ are managed by the technology company:
WE GET Limited
Triq il-Kbira 138, Flat 4, IL-Mellieha, MLH 2315, Malta (EU)
Tel. +356 99582860
The certification procedure as a whole is managed by the inspectors of:
INTERNATIONAL ANTI-CORRUPTION ASSEMBLY
15/3 E. Konovaltsia str, Kyiv, 03150, Ukraine
tel. +38068 843 65 93, tel. +38050 843 90 83
e-mail: info@iacassembly.org
Legal entity identification code 40030266
If you have any questions or concerns regarding the processing of your personal data, you can contact our Data Protection Officer at info@iaca.eu.
IACA is entitled to unilaterally amend this policy at any time by notifying the Clients no later than 14 days prior to any significant amendments via the IACA website, email or other means of communication. In issues not regulated by this policy, the Terms of Use shall apply.
Introduction of the service
This document explains how the phases and respect for privacy are managed. Before proceeding with the reading, it must be understood that the iaca.eu portal is composed of two salient parts: the first is the compilation phase, managed and resident in the portal itself and described in the following paragraphs, and the second is the identification and certification phase, managed outside the iaca.eu portal as specified below.
Since this is a complex subject, each user can elaborate on it by writing to info@iaca.eu.
The data entered in the portal through systems that use Asymmetric Encryption are analysed and signed by the I.A.C.A. Inspectors through the I.A.C.A. private network (I.A.C.A.VPN). The final product, the Report or Due Diligence, is encrypted through the functions of secure HASH SHA-256 and archived in an encrypted manner, neither readable nor traceable, in the I.A.C.A. Private Cloud.
No data is stored or maintained by iaca.eu.
The data can only be queried through the use of private cryptographic keys, which give access to the HASH indexes stored in the Blockchain, which in turn give the ID coordinates in the I.A.C.A. Private Cloud.
Only the private keys allow the data owner to have unencrypted access to their data.
It is not possible to modify the data. If changes or updates need to be made, one can only create a new edition of the document, with a new HASH and a new ID, which will be indexed from time to time in the last edition produced.
Only the owner of the data has access to it.
In no case and in no way does any member of I.A.C.A. or We Get Limited have access to consult the data; only the rightful owner can access it through their private keys.
When the owner of the data requests its destruction, he/she can, by accessing his/her user page, request the closure of his/her account. Through his/her private keys, the system will rejoin the HASH indices saved in the Blockchain, so the user can identify and destroy the IDs in the I.A.C.A. private cloud, de facto destroying the related data contained therein. This operation is not disputable. The HASH indices saved in the Blockchain will always remain available but will no longer be congruent with or traceable to the ID references in the I.A.C.A. private Cloud.
Personal Data we process
Personal data we process about clients and their representatives:
For entering into an Agreement, for providing our Service, for communicating with the representative of our client and for other lawful reasons, we need to Process the data of the client's representative.
This means we may Process, among others, the following Personal Data of the representative of the client:
We collect this data from you directly when you communicate with us, e.g. by sending us an email, providing us with your Personal Data on the phone or visiting our offices.
Please note that we also check information about the client (incl. about relevant representatives of the client) from publicly available sources.
Personal data we process about our service users
IACA provides personal identity verification services to clients. This means we verify service users, and for that purpose service users have consented to data Processing according to the client's privacy policy and to data Processing by us in accordance with this Privacy Policy.
We may collect and Process, among others, the following Personal Data:
– personal information of service user, such as name, sex, personal identification code, date of birth, legal capacity, nationality, citizenship, but also historic data of that service user that may have been stored with us during previous counteractions within the retention periods;
– document details, such as the name of the document, issuing country, number, expiry date, security features;
– facial recognition data, such as photos, videos and sound recording, photographs taken from you and your document and video and sound recording of the verification process;
– contact details, such as address, e-mail address, telephone numbers, IP address;
– technical data, including but not limited to information about the date and time that you use the Services, your IP address and domain name, your software and hardware attributes, and your general geographic location (e.g. city, country);
– biometric data, such as facial identifiers;
– publicly available relevant data, e.g. information about being a politically exposed person (PEP) and checks in sanction lists.
In order to prevent misuse or abuse, when you use our service via one of our clients, Google may collect your device information through Google’s reCAPTCHA service. This information is processed for the purpose of preventing abuse or misuse of services, based on our legitimate interest. Google will process this information in accordance with its terms of service and privacy policy.
Legal basis for processing personal data
IACA processes Client and service user related data, including personal data, on the following basis:
– the Client/service user has given consent to the processing of his or her personal data for one or more specific purposes;
– processing is necessary for the performance of the Client agreement to which the Client is a party or in order to take steps at the request of the data subject prior to entering into a Client agreement;
– processing is necessary for compliance with a legal obligation to which IACA is subject;
– processing is necessary for the performance of a task carried out in the exercise of official authority request;
– processing is necessary for the purposes of the legitimate interests pursued by IACA or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Client/service provider which require protection of personal data.
www.iaca.eu’s legitimate interests are expressed in furtherance of its own operating activity in offering Clients better services and products, developing its own products, ensuring data and information security and performance of general legal obligations set forth in legal acts.
The GDPR and your rights
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
As an individual, you have rights under the GDPR regarding the use of your personal data. These are:
Your right of access – You have a right to know what personal data IACA holds about you and for what purpose we are processing your personal data. There may be some exemptions, which means you may not always receive all the information we process.
Your right to rectification – You have the right to ask us to rectify any information you believe is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your information in certain circumstances.
Your right to object to processing – You have the right to object to processing if we are able to process your information because the processing is in our legitimate interests.
Your right to data portability – You can request that the personal data you have provided to IACA be ported to another organisation. This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into, a contract and the processing is automated.
Please read more about your rights in Chapter III of the General Data Protection Regulation.
If you wish to exercise any of your rights regarding Personal Data or ask questions about the Privacy Policy, please submit a corresponding request to us at info@iaca.eu. We will respond to your request by e-mail as a rule no later than one calendar month. If your request is complex or you make more than one, the response time may be a maximum of three calendar months, starting from the day of receipt. Please note that before we can provide you with the requested information regarding your Personal Data, we may need to verify your identity.
If your request concerns data we have Processed as a Processor, you must submit your request to the service provider who is the controller of Processing of your Personal Data; we will inform you if this is the case.
Retention of Personal Data
IACA shall not process Client Data for longer than necessary for performing the objectives of the Processing, including for complying with the duty, set forth in legal acts, to retain data and for resolving disputes arising from agreement(s) entered into with the Client or for resolving potential disputes. IACA shall preserve the data of a Client who has entered into a Client agreement for receiving the investment services for at least five years following the termination of the Client relationship, unless other terms for the preservation of data or documents are prescribed by law.
Submission of complaint
Where you believe that IACA has not taken its responsibilities with your personal data seriously, you have the right to complain to the Data Protection Inspectorate.