One37 Privacy Policy

Last Updated: 15 August 2021

Your Privacy is our Priority

  1. One37 is founded on the premise that privacy is its core 'modus operandi'. This applies, to people, innovation and products. Our mission is to unlock the potential of the universal identity with privacy, security and trust, one experience at time. We don't monetize any Personal Information that we deal with on our consumers' behalf. On the contrary, we empower them to own their data at any time and increase the trust link between them and the ecosystem of service providers 'Issuers and Verifiers'. This privacy Policy sets out how we collect, use, disclose and protect 'Personal Information' when you access or use our services and material.
  2. If you don't have a relationship with us, but believe your Personal Information is used by an entity that accesses or uses our services, that entity's Privacy Policy applies to the collection, use and disclosure of your Personal Information. You'll need to contact that entity for any questions or concerns that you may have about your Personal Information (including where you want to access, correct, amend, or request the deletion of any such Personal Information).

 

Who is One37?

  1. When we say 'our', 'we', or 'us', we mean One37 Solutions Inc. (One37). Our offices are in Canada, but we operate internationally.
  2. One37 provides a state-of-the-art, safe and secure decentralized identity platform for identity verification in verticals such as travel, healthcare and so on. We are working with our partners and service providers to improve the daily lives of people in various scenarios such as 'Contactless & Touchless Travel' and facilitate the seamless interactions between identity holders and service providers along their journey, while ensuring data authenticity, integrity, compliance and governance for all relevant stakeholders within that ecosystem.
  3. Our privacy policy takes effect when you click on 'I Agree' button or tick the checkbox presented with this policy when creating your new identity through our Mobile App, and/or when you read this privacy policy on our website https://www.One37id.com/

 

Our principles for data protection

  1. We use the Self Sovereign Identity (SSI) principles that are intended for use by any digital identity ecosystem, technology and wallets that are designed to provide a secure method for consumers and service providers to access and exchange identity related Information ('digital verifiable credentials').
  2. The relevant points below summarize the importance of SSI. One37 is empowering identity rights holders to:
    1. Security: 
      secure their digital identity data at rest and in motion, to control their own identifiers and encryption keys, and to employ end-to-end encryption for all interactions.
    2. Minimal Disclosure: 
      to protect the privacy of their digital identity data and to share the minimum digital identity data required for any particular  interaction.
    3. Transparency: 
      all other stakeholders to easily access and verify Personal Information necessary to understand the incentives, rules, policies, and algorithms under which agents and other components of SSI ecosystems operate.
    4. Control:
      usage of their digital identity data and exert this control by employing and/or delegating to agents and guardians of their choice, including individuals, organizations, devices, and software.


Types of Personal data

  1. 'Personal Information' means identifiable Information about you that you share with us when you access or use our services or Material. You may disclose some of this Personal Information to us optionally, while other times we need it to provide you with the Service (for example, travel boarding pass). Examples of Personal Information include name, email address, selfie, government ID etc. The Personal Information are converted into 'Digital Credentials' using One37 technologies.

 

User and device data

  1. The digital credentials representing your Personal Information can be stored on your device or in the cloud of your choice. When credentials are stored and encrypted exclusively on your device, One37 can never access that Personal Information unless you reach out to us with a specific support request. When cloud storage is used, you may host the data through third-party cloud service providers of your choice and hold encryption keys relating to the data. Privacy policy of the cloud provider shall apply.
  2. When the mobile app is installed on your device it can be used without access to the internet when retrieving or viewing stored credentials.
  3. We don't use any cookies to collect Information on our website, App and other services.

 

Receipt of user's data

  1. Personal Information is processed by the mobile app to execute an identity verification or a tailored experience and any Information you provide to the mobile app based on your consent. This is needed to prove who you are to the service providers available in the marketplace.
  2. There are two areas where we receive user's data:
    1. Personal Information you provide upon your consent: 
      For example, if you create a new identity in our app, we ask you for your name, email or similar contact Information. If you don't want to provide us with such Personal Information, it may mean that we cannot provide you with the service and the flow of experience cannot be triggered until we receive said Information from you. This information is however still stored only on your device.
    2. Information we receive from third parties:
      Personal Information is in most of the cases received directly from you. Sometimes we receive Personal Information about you from other participants in the marketplace such as airline Information. We use this Personal Information to better inform, personalize and improve the services you are receiving, and to validate the Personal Information you provide to us. We do not retain any of this information on our servers. The airlines or other service providers may still retain a copy of that data based on their business needs and governed by their data retention and privacy policies.


Where we receive Personal Information, we'll only use or disclose it:

  1. to provide you with services;
  2. as set out in the following section (How we use your Personal Information) and the next one (How we minimize the sharing of your Personal Information);
  3. in accordance with this Privacy Policy, the Privacy Act of Canada and the Pan Canadian Trust Framework (PCTF) and in connection with the One37 Customer Agreement (including any applicable Service Terms) and Service Level Agreement);
  4. as required by any applicable law, court or authority or;
  5. with your consent and authorization at every step of the services offered.

 

How we use your Personal Information

  1. First and foremost, we use your Personal Information to provide you with the services you've requested and to manage our relationship with you.
  2. We use your Personal Information to:
    1. Communicate with you. This may include:
      1. providing you with Information you've requested from us;
      2. operational communications, like changes to our services, security updates, or assistance with using our services;
      3. marketing communications (about us or another product or service we think you might be interested in) if you have opted in with your marketing preferences;
      4. asking you for feedback or to take part in any research we are conducting (which we may engage a third party to assist with).
    2. Support you: 
      This may include assisting with the resolution of technical support issues or other issues relating our services, whether by email, in-app support or otherwise.
    3. Enhance our services and develop new ones: 
      Such as providing new or improved technologies and optimizing user experiences.
    4. Protect: 
      So that we can detect and prevent any fraudulent or malicious activity, and make sure that everyone is using our services fairly and in accordance with any applicable terms and conditions.


 

How we minimize the sharing of your Personal Information

  1. There will be situations where it is necessary to share your Personal Information with trusted third parties.
  2. We will only disclose your Personal Information to:
    1. regulators, law enforcement bodies, government agencies, courts or other third parties when it's necessary to comply with applicable laws or regulations, or to exercise, establish or defend our legal rights. Where possible and appropriate, we will notify you of this type of disclosure.
    2. to prevent, detect, or investigate security concerns, including fraud.
    3. To the extent it is necessary, to partners that we engage to provide services to us or on our behalf.
    4. Other people or agencies where we have your consent.


 

International privacy laws (GDPR) and retention

  1. Right to be Informed, Access.
    You have the right to know exactly what Personal Information is held about you and how it is processed. 
  2. Right of Rectification
    You are entitled to correct your Personal Information if it is inaccurate or incomplete. 
  3. Right of Erasure or to Decline to Share.
    You have the right to have your Personal Information deleted or removed for any or no reason, and you have the right to decline to share certain Personal Information with One37. However, if you choose to exercise either of these right, your ability to use and access our websites, apps, products and services may be impacted because various features require your Personal Information to function correctly. 
  4. Right of Portability of Information.
    You are entitled to retain and reuse any Personal Information for your own purpose.
  5. Right of Object Restrict Processing.
    In certain circumstances, you are entitled to object to the use of your Personal Information. This includes when your Personal Information is used for the purpose of direct marketing, scientific and historical research or the performance of a task in the public interest, when such use has a consequence with a legal bearing on yourself, or when such use is for the purpose of automatic decision making that has a material impact outside your use of our websites, apps, products or services. You may not object if our use of your Personal Information is otherwise permitted by applicable law
  6. International Privacy Laws.
    1. If you are using any of the websites, apps, products or services from outside Canada, please be aware that you are sending Information, including Personal Information, to Canada where our servers are located. That Information may then be transferred within Canada or back out of the Canada to other countries outside of your country of residence, depending on the type of Information and how it is stored. These countries may not necessarily have data protection laws as comprehensive or protective as those in your country of residence; however, our collection, storage and use of your Personal Information represented as digital verifiable credentials will at all times continue to be governed by this Privacy Policy
    2. For Personal Information received from the European Union or the United States, we also certify that we adhere to the EU-Canada and US-Canada Privacy Shield principles of Notice, Choice, Onward Transfers, Security, Data Integrity & Purpose Limitation, Access and Recourse, and Enforcement
  7. Data Retention
    We only retain your Personal Information (if any), represented as digital verifiable credentials, issued by various Contacts (Ref. to App), for as long as your account with us is active, and then for an additional limited period of time or for as long as we need it to fulfill the purposes for which we initially collected such Information, unless otherwise required by law or to protect our rights.

 

Children's Privacy

  1. Our services are not directed to children and/or persons under the age of majority in their respective jurisdictions and is intended for use by adults and/or persons at or over the age of majority only. We do not knowingly collect Personal data from individuals under eighteen (18) years of age. If you are under the age of eighteen (18), please do not submit any Information through our services or other offerings and do not provide your consent for the use of your data unless your parent or guardian has approved. 

 

Security

  1. Security is a priority for us when it comes to your Personal Information. We're committed to protecting your Personal Information and have appropriate technical and organizational measures in place to protect your Personal Information. For more Information about the security of your Personal Information, you can contact us to [email protected]

 

Changes

  1. We may need to update this Privacy Policy from time to time. We will publish the updated version on our Site. Where a change is significant, we'll also endeavor to let you know by email. Any such changes will come into effect 30 days after the updated version is published. Your use of our services after the effective date confirms that you have read and understood the updated Privacy Policy.

 

How to reach us about our privacy policy

  1. We're always keen to hear from you. If you're curious about what Personal Information we hold about you or have a question or feedback for us on this Privacy Policy, please contact us at [email protected]