Legal
Table of Contents
GeoComply’s Privacy Statement
Last updated: August 07, 2024
GeoComply is the market leader in geolocation security. GeoComply’s mission is to empower the future of digital trust, and our customers’ trust is very important to us. GeoComply is committed to protecting privacy and complying with applicable privacy and data protection laws.
This Privacy Statement outlines how GeoComply Solutions Inc. ( “GeoComply,” “we,” or “us”) collects, uses, and discloses your personal information in connection with our products and services, websites, and other online and offline interactions. In this Privacy Statement: “you” means (1) our customers and their personnel and agents, and (2) other individuals who interact with us directly, such as through our websites or events; and “users” means the end users who are customers of our customers. Through our careers site and other recruiting platforms and activities, we collect information related to individuals who apply for employment with us; personal information that we collect from job applicants is subject to our Applicant Privacy Notice and our California Privacy Notice and not this Privacy Statement.
Our Services
GeoComply provides B2B (business-to-business) regulatory licensing management, fraud prevention and cybersecurity solutions that detect location fraud and verify an end user’s true digital identity. Our solutions and services include: managing personal information for compliance licensing, advanced location-based fraud detection and geolocation compliance tools, historical and real-time location data and analysis, tools to detect VPN (virtual private network), proxy, and other advanced location spoofing methods, identity verification tools for KYC (know your customer), KBA (knowledge based authentication), and AML (anti-money laundering), and on-property geofencing solutions. In this Privacy Statement, we refer to all of our services and solutions collectively as our “Services.”
We are acting as a service provider to our customers when we provide the Services. Please see the “GeoComply’s roles under the GDPR and other data protection laws” section below for more information about when we collect and use personal information on behalf of customers and when we do so for our own purposes.
Our Services enable you to integrate with certain third-party services (“Third-Party Services”). We are not responsible for the privacy, security, or other practices of any Third-Party Services. We recommend you review the Third-Party Services’ privacy policies, license agreements, or other applicable terms and conditions.
You are responsible for complying with any applicable privacy and data protections laws when you collect, use, or disclose information about your users and other individuals through the Services, including providing any necessary notices and obtaining any necessary consents. If you disclose any personal information relating to your users or other individuals to us in connection with the Services, you represent that you have the authority to do so. If we receive any questions or complaints from your users or other persons regarding your use of the Services, we will typically direct the request to you.
Our Services and websites are directed to organizations for business purposes and are not directed to individuals under the age of eighteen (18).
What personal information do we collect?
In this Privacy Statement, “personal information” means information that identifies an individual or relates to an identifiable individual. We collect personal information for the following activities:
Using our Services
We collect the following personal information when you use our Services:
Customer account information
For managing your accounts and commercial relationships:
- Your contact and profile information, including your name, job title, email address, organization name, phone number, social media profiles, and/or address; your preferences such as language, time zone, and the types of communications you would like to receive from us; and/or image (if you choose to provide this).
- Emails, instant messages and your other communications with us.
Compliance Licensing information
GeoComply assists you with managing personal information for compliance licensing purposes. This includes collecting:
- Contact Information (e.g. full name, address, phone number, email address)
- Personal Characteristics (Sex/Eye Colour/Hair Colour/Height/Weight
- Date of Birth
- Citizenship
- Residential History
- Marriage (& previous marriage) Information
- Family and Relative Information (addresses/phone numbers/occupation/DOBs)
- Military Service (if applicable)
- Educational history
- Employment History/Directorships/Salaries
- Civil, Criminal and Investigatory proceedings (if applicable)
- Driving License information
- Financial Information
- Personal references (name, address, phone number, occupation & years known)
- Passport Information
- Driving License Information
- Birth Information
- Marriage/Divorce information
- Insurance policies
- Education Certificates
- Property Deeds
- Vehicle Registrations
- US and Non-US Tax Information
- Business and Personal Licensing
Location Information
Our customers may request that you install a GeoComply application to verify your true location to determine if they may grant access to their services and prevent fraud. At their request, we collect:
- A customer assigned pseudonym
- IP address
- Device model
- Device ID
- Device fingerprint
- OS version
- Browser version
- Precise location
- Device indicators of location masking
Logs, usage, and support data
When you use the Services, we collect the following data to help manage, secure and troubleshoot the Services:
- Log data, which includes IP address, browser type and settings, device information (such as make, model, and OS), the date and time when you used the Services, information about browser configuration, language preferences, and cookies.
- Usage data and analytics, which includes login frequency and activity information such as frequently accessed areas of the Services.
- Location information, such as IP address and the region from which you are logging in and using the Services, in accordance with the settings on your device.
Browsing our websites
We collect the following information when you visit our websites:
- When you make an inquiry or other request, or provide feedback, we collect information such as name, email address, feedback provided or request made, and information related to current or prospective use of our Services.
- Website usage data, average session duration, engagement rate, links clicked, page visits, and mouse movements, which may be used to generate visual reconstructions of your website session activity.
- Information about your company/organization, such as company name, revenue, size, location, business activities, and market segment.
- IP addresses.
- Information collected through tracking technologies such as third party cookies and non-cookie technologies. We place cookies on your browser in order to serve advertising and for measurement and analytics purposes. You may opt-in or out of this tracking through our cookie banner or by using third party vendor links (see Marketing emails, advertising and website browsing below).
- When you access resources such as videos, white papers, or case studies on our websites, we collect your name, contact information, and information about the type and frequency of resources accessed, viewed and downloaded.
Surveys, events, marketing and other activities
We collect the following information through surveys, contests, and events (such as webinars and in-person events) that we host or are affiliated with:
- Contact information, such as name, job title, organization, email address, telephone number, and home and/or office address.
- Participation, attendance, feedback and opinions.
- General information about your organization that you choose to provide, such as annual company revenue, number of employees, and industry.
Other interactions
- Social media: We collect your name, social media username or handle, messages, posts and other interactions with our brand and social media accounts.
- Email interactions and analytics: Information on how you engage with our emails such as email open and click rates, whether a link is clicked, which web pages are visited after opening the email, the type of browser and email clients you use, and general location information (i.e., country and region).
- Teleconference, videoconference, and other meetings: We may collect your name, organization, phone number, email address, preferences, feedback, opinions and business needs.
We combine the above information with business-related information about your organization from trusted service providers and tools, such as the legal name, size, business activities, and publicly available revenue, to assist us in offering services that are appropriate to your organization’s needs.
For more information, please review or California Privacy Statement.
How do we use your personal information?
In addition to the uses described above, we use your information for the following purposes:
Providing and securing our Services
- We identify, authenticate, and manage accounts for persons accessing and using our Services.
- We use information that you and your agents provide to set up your organization’s account, process payments, contact you regarding the Services, manage your account and our contract with you, and provide you with related support and customer service.
- We use your contact information and information related to your request to respond to your inquiries, respond to your questions and requests, and send you administrative information such as updates and information about the Services.
We will engage in these activities to manage our contractual relationship with you and/or to comply with a legal obligation.
Communicating with you
- We use your contact information to send you, as applicable, information about our Services and events, and marketing communications (consistent with your preferences—see “Marketing emails, advertising and website browsing” below).
- We use email statistics, such as open rates, to assess the effectiveness of, and to make improvements to our communications. We also use engagement analytics to better understand your needs so that we can provide the information and services that is more relevant to you.
We will engage in this activity with your consent or where we have a legitimate interest.
Improving our websites, applications, and Services
- We analyze usage information, your feedback, support queries, and survey responses to identify issues and help us understand how you use the Services so that we can make improvements to our Services.
- We use information about you to help us understand usage patterns and other activities on our websites and applications so that we can diagnose problems and make improvements, including enhancing usability and security.
- If you choose to provide information about you, your usage of social media services and other feedback during telephone calls and other interactions to our customer support and sales teams, we use, monitor, and record this information for training purposes, to make improvements to our internal sales and marketing processes, and to improve our Services.
We will engage in this activity based on our legitimate interests, and with your consent to the extent required by applicable law.
Other business purposes
- For audits, to verify that our internal processes function as intended and to address legal, regulatory, or contractual requirements.
- For fraud prevention and fraud security monitoring purposes, for example, to detect and prevent cyberattacks or attempts to commit identity theft.
- For developing new products and services.
We engage in these activities to manage our contractual relationship with you, to comply with a legal obligation, and/or based on our legitimate interest.
Aggregated and/or anonymized personal information
We aggregate and/or anonymize personal information so that it will no longer be considered personal Information. We generate such aggregated and/or anonymized data and use or disclose it for analysis, product improvement, security, troubleshooting, or any other purpose, as it no longer identifies any individual.
Where we maintain or use de-identified information, we will continue to maintain and use it only in a de-identified fashion and will not attempt to re-identify the information.
What are your rights regarding personal information about you?
Privacy rights
Certain privacy rights may be available to you if you are located in the EEA or another jurisdiction with applicable privacy or data protection laws. If you or your authorized agent would like to request to access, change, delete, restrict or confirm the use of, or object to the processing of your personal information that you have previously provided to us, or if you would like to receive an electronic copy of your personal information for purposes of transmitting it to another company, or appeal our decision regarding your privacy request (to the extent any of these rights are provided to you by law), please email us at privacy@geocomply.com.
For your protection, we only fulfill requests for the personal information associated with the email address that you identify in your request, and we may need to verify your identity before fulfilling certain requests. We will respond to your request consistent with applicable law and with the applicable terms of service or other service agreement(s) in place between your organization and GeoComply (the “Services Agreement”).
Customers of the Services
If you are a customer of GeoComply, you may also access, update, correct or delete personal information from your account by logging in to your account, or contacting our Support Team for requests that cannot be carried out by logging in to your account. Please note we may need to retain certain information about you for as long as you maintain an account for our Services, to provide you with our Services, for record keeping purposes, for payment processing, to comply with our legal and regulatory obligations, to resolve disputes, and/or to enforce the applicable Services Agreement.
Marketing communications
You may opt out of marketing communications sent by GeoComply by clicking on the unsubscribe link in the marketing email you receive and completing the unsubscribe form.
We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt out of receiving marketing related emails from us, we may still send you important administrative messages, from which you cannot opt out.
Interest-based advertising, analytics, and website browsing
GeoComply participates in interest-based advertising, where we use third parties to serve advertisements regarding goods and services that may be of interest to you when you access and use our websites and other websites or online services. These companies place or recognize a unique cookie on your browser (including through the use of pixel tags). They also use these technologies, along with information they collect about your online use, to recognize you across the devices you use, such as a mobile phone and a laptop. To learn more about the targeted ads provided by these companies, and how to opt out of receiving certain targeted ads from them, please visit: (i) for website targeted ads from Digital Advertising Alliance (“DAA”) participants, https://www.aboutads.info/choices; (ii) for app targeted ads from DAA participants, https://www.aboutads.info/appchoices; (iii) for targeted ads from Network Advertising Initiative (“NAI”) participants, https://www.networkadvertising.org/choices/; and (iv) for targeted ads from the European Interactive Digital Advertising Alliance (Europe only).
We use Google services to provide analytics for understanding how you use our website and for providing advertising. We have configured these services so that Google only acts as a service provider to us and cannot use the information collected from our users for its own purposes or on behalf of others. These services may also collect information regarding the use of other websites, apps and online resources. Google provides tools to allow you to opt out of the use of certain information collected by Google Analytics at https://tools.google.com/dlpage/gaoptout and by Google Analytics for Display Advertising or the Google Display Network at https://www.google.com/settings/ads/onweb/.
Our advertising and website analytics activities require the use of cookies and other similar technologies, which may include GeoComply or third-party scripts. You may manage your preferences through our cookie banner; using the 3rd party vendor provided links as mentioned above; or by configuring your browser to block cookies.
California residents
If you are a California resident, please refer to the California Privacy Notice for more information about the requests you may make under California law.
With whom do we share personal information?
We disclose personal information as explained below.
Affiliated entities
We share personal information with GeoComply’s controlled affiliates and subsidiaries for the purposes set out in this Privacy Statement. You can consult the list and location of our affiliates here.
Service providers
We share personal information with service providers that assist us with activities such as website hosting, data analysis, marketing, communicating with you, managing our customer database, customer service, professional services, and providing and managing the Services (including hosting data centers, securing our Services, and payment processing). We may also disclose personal information to professional advisors, including lawyers and accountants, as necessary for audits, financial and regulatory reviews, and the provision of advice.
Website analytics and advertising vendors
We disclose personal information to third party vendors for analytics and advertising related purposes. The information may include, but is not limited to, data about your activity on and use of the websites or Services, links clicked, page visited, and mouse movements, and these vendor may use the information to enable us to generate visual reconstructions of your website session activity. These vendors assist us with providing relevant information about our products and services to interested parties and for improving how our website operates. For more information please see Interest-based advertising, analytics, and website browsing.
Authorized resellers and partners
Where you have purchased a Service from an authorized GeoComply reseller or partner, we may provide information about you to (and may receive information about you from) the reseller or partner as necessary to support your use of the Service(s) you purchased.
Event sponsors and organizers
We may participate in and run marketing events (e.g., social events, virtual and in-person conferences, webinars, and providing resources) with sponsors and other organizations and may share personal information with such sponsors or other organizations for their marketing purposes, consistent with your choices.
Other uses or disclosures of personal information
Corporate transactions
We may use or disclose your information as part of a corporate transaction such as a reorganization, financing, merger, sale of assets, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).
Legal reasons
We may use or disclose personal information where we believe that it is reasonably necessary or appropriate to do so: to comply with a law or regulation (including laws outside your country of residence); to respond to a court order or legal process (including courts and legal procedures outside your country of residence); to cooperate with government authorities or law enforcement (including authorities outside your country of residence); to establish, protect, or exercise our legal rights or to defend against legal claims or demands.
In addition, we may use or disclose information about individuals if we believe it is necessary to investigate, prevent, or take action: (a) against illegal activities, fraud, situations involving potential threats to our rights or property (or to the rights or property of those who use our Services), or to protect the personal safety of any person; or (b) regarding situations that involve the security of our Services, abuse of the Services infrastructure, or the Internet in general (such as voluminous spamming, or denial of service attacks).
What international data transfers occur at GeoComply?
GeoComply’s headquarters is in Canada, with offices in the United States, Vietnam, and Poland. Personal Information may be stored and processed in any country where we have facilities or in which we engage service providers.
ADDITIONAL INFORMATION REGARDING THE EEA: Some countries outside of the European Economic Area (EEA) are recognized by the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these countries is available here [hyperlink to EU Commission’s adequacy list online: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en). For transfers from the EEA to countries not considered adequate by the European Commission, we have put in place adequate measures, such as standard contractual clauses adopted by the European Commission, to protect personal information. You may obtain a copy of these measures by contacting us in accordance with the “Contact Us” section below.
The third-party service providers we use to help us deliver the Services and which process your personal information are referred to as “subprocessors” and are listed on this “page.”
How do we safeguard personal information?
We seek to use reasonable organizational, technical and administrative measures to protect personal information within our organization. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the Contacting Ussection below.
How long do we retain personal information?
We retain personal information as long as needed or permitted in light of the purpose(s) for which it was obtained and consistent with applicable law. The criteria used to determine our retention periods include the length of time required: to provide the Services requested by your organization; for record keeping purposes; to comply with our legal obligations; to resolve disputes; and to enforce the Services Agreement. After it is no longer necessary for us to retain information about you, or otherwise upon your request and consistent with applicable law, we will dispose of it in a secure manner or anonymize the information.
GeoComply’s roles under the GDPR and other data protection laws
Depending on the situation and the type of personal information involved, GeoComply may act as a data controller or a data processor.
GeoComply as a data controller
GeoComply acts as a data controller when we are:
- Processing personal information about your personnel and agents (e.g., to administer accounts for your authorized users of our Services, send marketing or administrative communications, respond to inquiries or requests for support, etc.); and
- Processing personal information related to use of our websites, events, social media, and other similar interactions.
GeoComply as a data processor
You are the data controller, and we are the data processor, when we process personal information about your users through our Services. As a data processor, GeoComply processes this personal information to provide the Services in accordance with your instructions (which you provide through the Services) and the Services Agreement. As part of delivering the Services, we may process this personal information to further improve the Services, such as enhancing usability and developing new features.
If your organization requires, GeoComply makes available a data processing addendum that meets the requirements under Article 28 of the EU GDPR or UK GDPR. Please email your account representative with your request.
If you are using the Services as an authorized account holder of a GeoComply customer (whether that customer is your employer, or another organization), that customer determines its own policies (if any) regarding storage, access, modification, deletion, sharing, and retention of personal information, which may apply to your use of the Services. Please check with that customer about the policies and settings it has in place.
Brazilian General Data Protection Law
This section is applicable to the processing of personal information subject to the Brazilian General Data Protection Law (Law No. 13,709/2018, the “LGPD”, as amended), that is, whenever: (i) data processing takes place in Brazil; (ii) the processing activity is intended to offer or supply goods or services or to process data of individuals located in Brazil; or (iii) personal data being processed was collected in Brazil (including data collected of data subjects that were in Brazil at the time of collection). The information contained in this section shall apply as a supplement to the other information contained in this Privacy Statement. To the extent the provisions of this section conflict with other provisions of this Privacy Statement, then the provisions of this section shall prevail in relation to the processing of personal information subject to the LGPD. Any terms defined in the LGPD have the same meaning when used in this section.
Your Rights
The LGPD gives you specific rights to your personal information, as described in Article 18 et. seq. of the LGPD. This section describes your rights and explains how to exercise them.
- Right to confirmation and access: right to obtain confirmation that your personal information is being processed, and the right to access such data.
- Right to correction: right to request correction of incomplete, inaccurate, or outdated personal information.
- Right to anonymization and deletion: right to request the transformation of personal information into anonymized data and to delete unnecessary or excessive personal information, or of personal information processed in noncompliance with the provisions of the LGPD.
- Right to portability: right to request that your personal information be transferred to another service or product supplier, according to Brazilian Data Protection Authority’s (“ANPD”) regulation, provided that the trade and industrial secrets are respected.
- Right to obtain information about the entities with whom the personal information is shared.
- Right to withdrawal consent: if the processing requires the granting of consent, you may withdraw such consent at any moment and, subsequently, request the deletion of such data.
- Right to obtain information about the possibility of not providing consent and the consequences of denial.
- Right to deny: right to deny data processing of personal information, in case the processing is not in compliance with the LGPD.
- Right to review decisions taken solely by automated processing: if decisions are taken based on automated processing (without human intervention) of personal information, and such processing could affect your interests, you may request a review of these decisions.
How to exercise your rights
If you have any questions or comments about the processing of your personal information subject to the LGPD, including the ways in which GeoComply collects and uses your information and your rights regarding such use, please do not hesitate to contact us at:
Data Protection Officer
Name: Maninder Malli
E-mail: privacy@geocomply.com
Changes to this Privacy Statement
We may make changes to this Privacy Statement at any time to reflect updates to our Services, our business practices, applicable laws, and other factors. Any changes will become effective when we post the revised Privacy Statement. We encourage you to stay informed by reviewing this Privacy Statement periodically.
Last Updated: 08/07/2024
Contact us & privacy questions
GeoComply Solutions Inc., located at Suite 500, 545 Robson Street, Vancouver, British Columbia, Canada, V6B 1A6, is the company responsible for collection, use, and disclosure of personal information under this Privacy Statement.
If you wish to contact us or if you have any questions or concerns in relation to this Privacy Statement or our privacy practices, please contact us/our privacy team at privacy@geocomply.com or at the postal address above.
Additional information regarding the EEA
You may also lodge a complaint with the data protection authority for your country or region where you have your habitual residence or place of work or where an alleged infringement of applicable data protection law occurs. A list of data protection authorities is available at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.