What is the purpose of this notice?
Midy, a product of NortonLifeLock Foreign Holding II Inc., offers a service that allows you to prove your identity in a privacy-preserving way. This biometrics notice explains how Midy collects, uses, shares, retains, and destroys your Biometric Data when you use our services.
“Biometric Data” includes: (i) “Biometric Identifiers,” which are data generated by measurements of your biological characteristics, such as your retina or iris scan, fingerprint, voiceprint, or a scan of your hand or face geometry; and (ii) “Biometric Information,” which is information based on a Biometric Identifier that can be used to identify you.
Please review this notice carefully. By agreeing to our collection of your Biometric Data, you consent to the collection, use, sharing, and retention of your Biometric Data as described in this notice.
What type of Biometric Data does Midy collect and how do we collect it?
- To verify your identity and the authenticity of your identity document for our digital identity product, we use a service provider, Onfido. In accordance with their Facial Scan Policy and Release, Onfido extracts and compares the face geometry data from a selfie video captured through the Midy app against an image of your identity document. Onfido then assesses whether the person in the photo or video is likely to be the same person pictured in the identity document and gives us the result of this confirmation. Onfido also extracts the information from the identity document and provides it to Midy to create a verified ID.
How does Midy use and share it?
- Our third-party service provider, Onfido, collects your Biometric Data to verify your identity. Biometric Data is used exclusively to verify your identity. By agreeing to Midy’s collection of your Biometric Data, you also agree to the terms of Onfido’s Facial Scan Policy and Release.
- Midy does not share your Biometric Identifiers with partners who request your identity verification via Midy. Midy will show you what information the partner has requested when asking for your consent to share that information. Therefore, partners receive only the information that you explicitly agree to share with them. For example, confirmation from Midy if the verification was successful or not – without sharing any Biometric Identifiers.
How long does Midy retain your Biometric Data and what happens to it at the end of the retention period?
- Midy does not store your Biometric Identifiers (face geometry data). An image of your identity document and the information extracted from the identity document will be available in Midy. To delete your identity documents, you can either delete a specific identity document directly from within your Midy or you can go to the app settings and delete your account including all identity documents. Information about your transactions (e.g., a verification of your identity provided to a partner you authorized) is stored in Midy for the duration your account is active and then archived for 3 years for legal, compliance, and security reasons.
- Our service provider, Onfido, deletes your face geometry data together with the information resulting from the facial scan (result of the identity verification) and the identity document itself within 48 hours after your ID has been verified, unless otherwise required by law or legal process to retain the data. Once deleted, the Biometric Data cannot be recovered or reconstructed.
Additional Privacy Disclosures and Your Rights
For more information about how we collect, use, and share your personal information, as well as your rights and choices concerning our data practices, please review our Privacy Policy available at midy.com/privacy-policy.
