Privacy
User Overview
Welcome to Resiliant ID™, the system that empowers users with full and personal control of their Digital ID.
All biometric data and ID documentation uploaded to Resiliant ID™ is encrypted and stored on the user’s phone. Only the user can access, view, edit, share, or delete this data. Additionally, to enhance security, all biometric checks are performed by our advanced Artificial Intelligence system, with no human involvement.
Resiliant ID™ provides a simple ‘Yes or No’ confirmation to third parties upon request, verifying the user’s ID. We do not share any user data unless explicitly requested or agreed upon in advance.
If a third party requires a copy of the user’s photo ID, the user is always asked for their consent before sharing it.
Since all identifying biometrics and photo IDs are stored directly on the user’s phone and not uploaded to any external server or cloud, deleting the app removes all shared data from Resiliant ID™.
Full Data Protection Policy
Data Protection
Resiliant (referred to as “the Company”) as a software product or service business takes its responsibilities under the EU GDPR and other data protection laws seriously. This document outlines the policy framework introduced by Resiliant to effectively manage Data Protection for all parties involved.
This Policy applies to both Resiliant’s clients and individuals providing their personal data for processing (referred to as “Data Subjects”).
The Company acts as a Processor of personal data under Article 28 of the EU GDPR and may also serve as the Data Controller under Article 24 in certain cases. Personal data and biometrics submitted by Data Subjects remain securely stored on the user’s phone, with no external data processing or transfer.
Our corporate clients, whether within or outside the EU and EEA, do not have access to personal data unless required by applicable laws. Resiliant never shares ID documents and biometric information with third parties unless requested by the data user in writing or necessary under applicable laws.
Scope of the Policy
While Resiliant does not typically handle personal data, this policy ensures that Resiliant’s staff comply with regional and English law, as well as the EU GDPR, in the event that personal data processing becomes necessary. It also provides information to Data Subjects on how their personal data is controlled and protected.
The Company adheres to data protection principles, ensuring that personal data is processed fairly, lawfully, transparently, and securely. Personal data is kept only for necessary purposes, is accurate, and not retained longer than required.
Responsibilities
- a) Resiliant’s Responsibilities
Resiliant is responsible for establishing policies and procedures to comply with the EU GDPR and local laws. The Data Protection Officer is the key contact for these matters (contact info: [email protected]).
- b) Data Protection Officer’s Responsibilities
- The Data Protection Officer is responsible for:
- Ensuring compliance with this policy.
- Handling subject access requests.
- Resolving data protection breaches.
- Responding to data protection complaints.
- c) Resiliant Staff Responsibilities
All staff processing personal data must comply with this policy. Staff must ensure data security, confidentiality, and promptly report any data protection breaches.
- d) Third-Party Processors
Resiliant remains responsible for the security and appropriate use of data when third-party processors are used. Selection criteria, security measures, and data processing agreements are in place.
Specific Measures to Ensure Data Protection
The Company implements various measures to ensure data protection, including agreements compliant with the EU GDPR and other regional data protection laws, secure data transfer methods, encryption, anonymization/pseudonymization, background checks, training, audits, and more.
Physical Security
The Company prevents unauthorized physical access, damage, and interference to information and processing areas through measures such as removable media restrictions, CCTV monitoring, entry controls, secure areas, and hardware protection.
Software and Network Security
Regular vulnerability scans, penetration tests, code reviews, and staff training are conducted. Network connections are secured, and malicious behavior is monitored using machine learning.
Data Protection Breaches
Any data protection breach is reported immediately to the Data Protection Officer and/or CEO, including details of the incident and data classification involved.
Data Subjects’ Rights
Data Subjects have various rights, including the right to access, rectify, erase, restrict processing, data portability, object to processing, and avoid automated decision-making.
Data Collected
The Company typically collects name, passport data, address, facial image, phone IMEI, and GPS location. However, this information is stored exclusively on the user’s phone, and only the user has access.
Purposes for Data Collection
Data is collected for identification and client diligence compliance, such as KYC and AML compliance. Data is subject to automated verification against various databases.
Consent to Data Processing
Personal data is collected and processed based on Data Subjects’ informed and explicit consent.
This Policy is regularly reviewed and updated to ensure compliance with the EU GDPR and other applicable laws. For requests or complaints, please contact us at [email protected].