Your Privacy is our Priority
Who is One37?
- When we say 'our', 'we', or 'us', we mean One37 Solutions Inc. (One37). Our offices are in Canada, but we operate internationally.
- One37 provides a state-of-the-art, safe and secure decentralized identity platform for identity verification in verticals such as travel, healthcare and so on. We are working with our partners and service providers to improve the daily lives of people in various scenarios such as 'Contactless & Touchless Travel' and facilitate the seamless interactions between identity holders and service providers along their journey, while ensuring data authenticity, integrity, compliance and governance for all relevant stakeholders within that ecosystem.
Our principles for data protection
- We use the Self Sovereign Identity (SSI) principles that are intended for use by any digital identity ecosystem, technology and wallets that are designed to provide a secure method for consumers and service providers to access and exchange identity related Information ('digital verifiable credentials').
The relevant points below summarize the importance of SSI. One37 is
empowering identity rights holders to:
secure their digital identity data at rest and in motion, to control their own identifiers and encryption keys, and to employ end-to-end encryption for all interactions.
to protect the privacy of their digital identity data and to share the minimum digital identity data required for any particular interaction.
all other stakeholders to easily access and verify Personal Information necessary to understand the incentives, rules, policies, and algorithms under which agents and other components of SSI ecosystems operate.
usage of their digital identity data and exert this control by employing and/or delegating to agents and guardians of their choice, including individuals, organizations, devices, and software.
Types of Personal data
- 'Personal Information' means identifiable Information about you that you share with us when you access or use our services or Material. You may disclose some of this Personal Information to us optionally, while other times we need it to provide you with the Service (for example, travel boarding pass). Examples of Personal Information include name, email address, selfie, government ID etc. The Personal Information are converted into 'Digital Credentials' using One37 technologies.
User and device data
- When the mobile app is installed on your device it can be used without access to the internet when retrieving or viewing stored credentials.
- We don't use any cookies to collect Information on our website, App and other services.
Receipt of user's data
- Personal Information is processed by the mobile app to execute an identity verification or a tailored experience and any Information you provide to the mobile app based on your consent. This is needed to prove who you are to the service providers available in the marketplace.
There are two areas where we receive user's data:
Personal Information you provide upon your consent:
For example, if you create a new identity in our app, we ask you for your name, email or similar contact Information. If you don't want to provide us with such Personal Information, it may mean that we cannot provide you with the service and the flow of experience cannot be triggered until we receive said Information from you. This information is however still stored only on your device.
Information we receive from third parties:
Personal Information is in most of the cases received directly from you. Sometimes we receive Personal Information about you from other participants in the marketplace such as airline Information. We use this Personal Information to better inform, personalize and improve the services you are receiving, and to validate the Personal Information you provide to us. We do not retain any of this information on our servers. The airlines or other service providers may still retain a copy of that data based on their business needs and governed by their data retention and privacy policies.
- Personal Information you provide upon your consent:
Where we receive Personal Information, we'll only use or disclose it:
- to provide you with services;
- as set out in the following section (How we use your Personal Information) and the next one (How we minimize the sharing of your Personal Information);
- as required by any applicable law, court or authority or;
- with your consent and authorization at every step of the services offered.
How we use your Personal Information
- First and foremost, we use your Personal Information to provide you with the services you've requested and to manage our relationship with you.
We use your Personal Information to:
Communicate with you. This may include:
- providing you with Information you've requested from us;
- operational communications, like changes to our services, security updates, or assistance with using our services;
- marketing communications (about us or another product or service we think you might be interested in) if you have opted in with your marketing preferences;
- asking you for feedback or to take part in any research we are conducting (which we may engage a third party to assist with).
This may include assisting with the resolution of technical support issues or other issues relating our services, whether by email, in-app support or otherwise.
Enhance our services and develop new ones:
Such as providing new or improved technologies and optimizing user experiences.
So that we can detect and prevent any fraudulent or malicious activity, and make sure that everyone is using our services fairly and in accordance with any applicable terms and conditions.
- Communicate with you. This may include:
How we minimize the sharing of your Personal Information
- There will be situations where it is necessary to share your Personal Information with trusted third parties.
We will only disclose your Personal Information to:
- regulators, law enforcement bodies, government agencies, courts or other third parties when it's necessary to comply with applicable laws or regulations, or to exercise, establish or defend our legal rights. Where possible and appropriate, we will notify you of this type of disclosure.
- to prevent, detect, or investigate security concerns, including fraud.
- To the extent it is necessary, to partners that we engage to provide services to us or on our behalf.
- Other people or agencies where we have your consent.
International privacy laws (GDPR) and retention
Right to be Informed, Access.
You have the right to know exactly what Personal Information is held about you and how it is processed.
Right of Rectification
You are entitled to correct your Personal Information if it is inaccurate or incomplete.
Right of Erasure or to Decline to Share.
You have the right to have your Personal Information deleted or removed for any or no reason, and you have the right to decline to share certain Personal Information with One37. However, if you choose to exercise either of these right, your ability to use and access our websites, apps, products and services may be impacted because various features require your Personal Information to function correctly.
Right of Portability of Information.
You are entitled to retain and reuse any Personal Information for your own purpose.
Right of Object Restrict Processing.
In certain circumstances, you are entitled to object to the use of your Personal Information. This includes when your Personal Information is used for the purpose of direct marketing, scientific and historical research or the performance of a task in the public interest, when such use has a consequence with a legal bearing on yourself, or when such use is for the purpose of automatic decision making that has a material impact outside your use of our websites, apps, products or services. You may not object if our use of your Personal Information is otherwise permitted by applicable law
International Privacy Laws.
- For Personal Information received from the European Union or the United States, we also certify that we adhere to the EU-Canada and US-Canada Privacy Shield principles of Notice, Choice, Onward Transfers, Security, Data Integrity & Purpose Limitation, Access and Recourse, and Enforcement
We only retain your Personal Information (if any), represented as digital verifiable credentials, issued by various Contacts (Ref. to App), for as long as your account with us is active, and then for an additional limited period of time or for as long as we need it to fulfill the purposes for which we initially collected such Information, unless otherwise required by law or to protect our rights.
- Our services are not directed to children and/or persons under the age of majority in their respective jurisdictions and is intended for use by adults and/or persons at or over the age of majority only. We do not knowingly collect Personal data from individuals under eighteen (18) years of age. If you are under the age of eighteen (18), please do not submit any Information through our services or other offerings and do not provide your consent for the use of your data unless your parent or guardian has approved.
- Security is a priority for us when it comes to your Personal Information. We're committed to protecting your Personal Information and have appropriate technical and organizational measures in place to protect your Personal Information. For more Information about the security of your Personal Information, you can contact us to Legal@One37id.com