Article 1. Introduction
This website and associated online web application (collectively referred to as “Service”) are owned and operated by Vivacity B.V., a limited liability company registered in the Netherlands (Dutch Chamber of Commerce registration number 83703527), along with its subsidiaries (collectively referred to as “VerifyPDF”, “we”, or “us”). At VerifyPDF we understand that your privacy is important, and we are committed to protecting your personal data. This Privacy Statement explains how we collect, use, and share your personal information in accordance with the General Data Protection Regulation (“GDPR”).
By using the Service, you agree to this Privacy Policy. If you do not agree with this Privacy Policy, you may not use the Service.
Article 2. Information We Process
We process personal information of users who utilize the Service, and we host documents on our servers that contain sensitive private information, including but not limited to bank statements, payslips and tax filings. This data may include names, contact details, financial information and other personal identifiers.
Article 3. Grounds for Data Processing
We process personal data under the following legal grounds:
Contractual Necessity: We process personal data as necessary to provide the Service, including managing your registration, allowing you to use the Service and sending tailored communications.
Legitimate Interest: We process personal data for our legitimate business interests, such as statistical analysis and to fight document fraud. Specifically, we use data to assess the risk of document fraud, which benefits our clients by reducing their exposure to fraudulent activities.
Consent: In cases where we need specific consent, we will ask for it separately.
Article 4. How We Use Your Data
We use your personal data for various purposes such as providing you access to and send you communications relating to the Service. We may use anonymized data for statistical analysis to improve the Service. We use your data to safeguard and assist you in detecting and preventing document fraud and ensuring the security of our systems.
Article 5. Data Protection
Your data is important to us and we take our role in protecting it very seriously. We are committed to implementing robust security measures and practices to ensure the confidentiality, integrity and availability of our services and your data. Our data environments are hosted within Amazon Web Services (“AWS”) in the European Union and are exclusively accessed by EU-based engineers. We ensure no data traverses the internet without industry-standard encryption.
We stay up to date with the latest security patches and are vigilant about system vulnerabilities. We continuously monitor our systems for any potential weaknesses. When vulnerabilities are detected, we act promptly to apply necessary countermeasures. To minimize risks associated with traditional IT infrastructure management, we leverage serverless computing capabilities. Our serverless deployments are automated, further reducing human error and potential exposure points.
In line with the principle of least privilege, we restrict access to data and systems only to those who require it for their specific roles. This targeted approach to data access ensures that only authorized personnel have access to sensitive information. We have strong access control procedures in place to oversee who can access our systems and data. As part of these measures, all of the VerifyPDF staff uses 2-factor authentication to provide an additional layer of security, making it significantly more challenging for unauthorized individuals to gain access.
Article 6. Data Sharing
We do not share, sell and disclose your personal data to third parties, except as required by law or as necessary to provide the Service. We have appropriate agreements with our clients and service providers to ensure they also adhere to GDPR principles.
Article 7. Data Retention
We retain your personal data for as long as necessary for the purposes of the Service, up to a maximum of 90 days. Upon contract termination or discontinuation of the Service, data will be retained for at most 90 days unless otherwise agreed.
We may retain unstructured data, such as email communication or information received via contact forms, for up to 5 years for legitimate business purposes, including record-keeping and legal compliance. This data is securely stored and managed to prevent unauthorized access.
Additionally, we may retain certain data on an anonymized basis for research and development purposes. This helps us improve our services and develop new features. Anonymized data cannot be linked back to specific individuals and is used solely for analytical and development purposes.
Please note that our retention periods may be subject to change as required by law or our legitimate business interests.
Article 8. Data Processing Agreement
Because VerifyPDF makes it possible to store and use data, we are regarded as a processor and we will process the personal data in a careful manner. We recommend clients to enter into a Data Processing Agreement with VerifyPDF, which defines how we process and protect the data. A draft of the Data Processing Agreement is available upon request.
Article 9. Your Rights
Under GDPR, you have the right to access, rectify, erase, restrict, port and object to the processing of your personal data. To exercise any of these rights or in case of questions or concerns regarding this Privacy Statement or the processing of your personal data, please contact our Data Protection Officer (dpo@verifypdf.com).
Article 10. Updates to This Statement
We may update this Privacy Statement periodically to reflect changes in our practices or applicable laws. Please review this statement regularly to stay informed about how we handle personal data.
Last reviewed: 1 February 2024