Privacy Policy

This Privacy Policy describes how we handle and protect your personal data and the privacy rights available to you. You can read the full policy below. But before we get into the details, we want to give you a digestible high-level summary that should allow you to make informed decisions when you use our services.

 

Midy helps you prove that you are who you say you are…

Midy makes it simpler and safer to verify and prove your identity online. We perform document and face checks against accepted government-issued photo IDs and then enable you to securely store that document’s information in Midy. We refer to these documents added to your Midy as ‘Verified IDs’ and to the information we stored from your document as ‘Extracted ID information’. Additionally, Midy allows you to store your information specific to a partner, permitting you to use that information for future interactions with that partner, or other approved parties. Learn more about these features.

in a privacy-preserving way…

We offer a service that helps you to prove your identity in a privacy-preserving way. This means that when you consent to share information with a Midy partner (e.g., a social media provider, a potential employer), only the information that is requested by that partner for the current transaction will be provided and no additional identity information will be shared. Learn more about these features.

while you stay in control of your ID.

Midy will ask for your consent before providing any information related to you (referred to below as ‘confirmations’) and will tell you which organization will receive that information. Once your information is securely stored in Midy it remains under your control. Data extracted from your Verified ID, or another onboarded document specific to a partner, can only be accessed when you authorize us to help you with sharing your information (e.g., for identity verification purposes or sign-in). You can delete your Midy account and your onboarded information will be permanently removed. Learn more about these features.

 

This Privacy Policy was last updated on May 23, 2024. 

In this policy “we”, “us”, etc. refers to NortonLifeLock Foreign Holding II Inc, part of Gen™ – a global company with a family of trusted consumer brands. See Contact Us section for contact details and, if you live in the EEA, Switzerland or United Kingdom, for information on the controllers of your personal data.

Main Features of the Service

We believe it should be easy to verify you are a real person and at the same time to keep control over your data in the digital world. So, we designed Midy to help you prove the information in online transactions without sharing unnecessary identity details. Read below for more information about how the Midy verification service works.

Authentic Person Check/Recheck 

Midy helps to prove that you are who you say you are based on document and facial biometric checks. The partner that you agree to share the requested information with (e.g., confirmation that you are a real person) does not have access to your ID, photos or videos taken during the verification process. It receives only the information that you agree to share with them: for example, confirmation from Midy if the identity verification was successful or not. Midy will show you the information you will share with the Partner. In order to carry out the verification, the partner shares with us an identifier (e.g., your account handle) that will be stored in your Midy, alongside information that you can use to confirm you are still the same real person to that partner in future interactions. 

Document and facial biometric checks are done in cooperation with our verification services provider Onfido and in accordance with our Biometrics Notice and the Onfido Facial Scan Policy and Release, Privacy Policy and Terms of Service.  

Name Check 

A partner may ask to check if your first name and last name used in their service matches the name on your ID document. We extract the first name and last name from your ID and match it against the first name and last name provided by the partner. The only feedback the partner receives is the ‘yes’ or ‘no’ answer to whether the names match or not. We use various matching techniques to determine if names match with a sufficient level of certainty. In some cases, the match does not have to be perfect and there may be slight differences between the name used in the partners’ services and your ID. 

Age Verification 

A partner may ask to verify if you meet certain age requirements. For example, online retailers and service providers may be legally obligated to incorporate age verification in their pre-sale checks or services. To determine your age, we process the information about your date of birth from your ID. The feedback provided to the partner is limited to confirming whether your age does, or does not, meet their age requirements (e.g., if you are, or are not, 18+ years old or if you are, or are not, within the age range of 18 to 25 years old).

How We Do the Identity Checks 

Identity verification is backed by document checks against accepted government-issued photo IDs. Document checks are done in cooperation with our service provider Onfido Inc. We analyze the document (which may include machine-readable zones, barcodes, QR codes and security chips) to verify that the document is genuine and to detect fraud. We extract relevant information from the document to create a Verified ID (see Midy Account section for more information) and, on your consent, to send information requested by a partner. To carry out the checks, extract the information and ensure the accuracy of the process, the document is kept for no longer than 35 days in our verification services providers’ systems and then it is deleted from their systems. During this time, we and our service providers may review the extracted information. 

To verify you are a real and live person, we then compare the live video capture of your face with the photo from your document. This verification is done in cooperation with our verification services provider and in accordance with our Biometrics Notice and our service provider Onfido’s Facial Scan Policy and Release, Privacy Policy and Terms of Service. We also use face scan data to detect and prevent fraud, including to determine whether we have previously verified your identity and/or to identify signs of coercion or social engineering. For more information about this process, please read the above–mentioned policies. 

Face scan photos or videos and biometric identifiers are kept when performing biometric checks and are deleted no later than 35 days after your ID has been verified. During this time, we and our service providers may review face scan data to ensure the accuracy of the process and detect and prevent fraud. Read our Biometrics Notice for more information about biometric data processing.

 

Data processing details

Feature	Categories of data processed	Legal basis
To carry out the identity check and provide information to partners you choose	Extracted ID information – personal information extracted from your Verified ID, for example name, document number, date of birth, nationality, type of document, issuing country, expiration date, information embedded in barcodes, QR codes, security chips and features (which will vary depending on the type of document).	Service provision
	Photo/video – may include images, videos and/or sound recordings of you and related image metadata	Service provision
	Face scan data – facial scan data and numerical biometric data calculated from it	Service provision, consent for biometric data
To perform the Name Check	Name – first name, last name provided by a partner requesting the name check against your ID	Service provision
To perform the Age verification	Age – date of birth, age range	Service provision
To enable further verifications and rechecks	ID image – image of your identity document	Service provision
To establish the connection between your identity, document and partner that asked for the verification	Identifiers – information relating to you as a user, your installed Midy app, Verified IDs, partners and confirmations	Service provision

Duration of the processing: Extracted ID information, partner account handle and photos of your IDs are available in Midy and you can delete them anytime. You can either delete a specific identity document directly from within your Midy or you can go to the app settings and delete your Midy account including all identity documents. ID scan, photos or videos and face scan data are used during the verification process and are kept for no longer than 35 days. Identifiers are processed for the duration of the account.

Selected categories of data are archived for legal, compliance and security reasons for 3 years (read more in the Legal, compliance and security section).

Partner Document Interactions

Add partner document and share partner document information

Midy allows you to onboard your information at a partner to be stored within Midy, permitting you to use that information for future interactions with that partner, or other approved parties.

For example, if you onboard affiliation-type information from a partner, you may choose to use it to sign-in to that partner (or other approved destinations), to prove that you are registered with such partner (e.g., to receive benefits associated with partner-affiliation), to prove that you are a member of the partner’s organization or to prove other types of relationship with a partner.

You can also ask us to onboard your education information from a partner. You may choose to then share your education information to prove your education credentials with a potential employer or other parties you choose through an education verification services provider.

You may view all of your documents (Verified ID documents and partner-specific documents) from within the My Data section of your Midy.

Sign-in

A partner, or other approved party, may ask for information from your Midy so that you may sign-in. Such information could include the membership number from your onboarded partner document.

Data processing details

Feature	Categories of data processed	Legal basis
To enable users to provide information associated with selected partners	Partner Document Information – information relating to you or your relationship with a partner and information contained in uploaded partner documents. For example, your account information registered with a partner, your education information acquired from an education verification service provider.	Service provision

Duration of the processing: Your onboarded information from a partner is available in Midy and you can delete it anytime. You can either delete a partner-specific document directly from within your Midy or you can go to the app settings and delete your Midy account including all your stored documents.

Misuse detection

Midy helps partners detect misuse or other similar irregular activities (e.g. excessive use of verified accounts). To do that, we create a connection between the verified ID and the user of the platform.

Data processing details

Feature	Categories of data processed	Legal basis
To help check if an identity or a document has not been misused (e.g. used multiple times without justification)	Identifiers – information relating to you as a user, your installed Midy app, Verified IDs, partners and confirmations	Legitimate interest

Duration of the processing: we process Identifiers for this purpose for 3 years after the account is deleted. 

Midy account

Midy requires that you sign up to the service and establish an account. To set up the account we will ask for your email address or phone number to use as your account username, as well as to send you a verification code. To help protect the account we use both passkey authentication process and local device authentication, where the system will ask you to unlock your device, preferably using biometric identification (such as a fingerprint or facial recognition).

You can view your Verified IDs and information extracted from these documents such as your name, surname, date of birth, address, nationality, type of document, issuing country, issuance/expiration date. The precise extent of the data depends on a particular ID that you will choose to use. You will also find an image of the ID document with your photo in Midy. Transactions records (e.g. that a confirmation was provided to a partner) are logged.

Your data is backed up in the Midy cloud where all your data is encrypted with a security key that is accessible only from your device. The cloud technology allows you to link multiple devices to your account and synchronize data across them. You can also generate recovery codes to be able to recover access to your account via the Midy cloud, for example, in case you lose your device.

Data processing details

Purpose	Categories of data processed	Legal basis
To create the account and enable verification	Contacts – Email address, phone number	Service provision
To adjust the application to your region (e.g., not display features that are not available in your region)	Location – Information about your region taken from the app store, operating system or filled out by you	Service provision
To maintain the account and enable the related verification services	Extracted ID information – Personal information extracted from your Verified ID, for example name, document number, date of birth, nationality, type of document, issuing country, expiration date, information embedded in barcodes, QR codes, security chips and features (which will vary depending on the type of document)	Service provision
	Partner Document Information – information relating to you or your relationship with a partner and information contained in uploaded partner documents. For example, your account information registered with a partner, your education information acquired from the education verification service provider.	Service provision
	Identifiers – information relating to you as a user, your installed Midy app, Verified IDs, partners and confirmations.	Service provision
	Security keys generated and stored on the user’s device only	Service provision
	ID image – Image of your identity document	Service provision
	Transaction records – account-related events (creation, acceptance of terms, sign-in), verification-related events (e.g. process started/stopped/failed/completed), Verified ID-related events (e.g. Verified ID created/deleted), partner-related events (request received, response sent).	Service provision

Duration of the processing: Extracted ID information and ID images are available in Midy and you can delete them anytime. You can either delete a specific identity document directly from within your Midy or you can go to the app settings and delete your Midy account including all identity documents. Contacts, Region, Identifiers and Transaction records are processed in our systems for the duration of the account.

Selected categories of data are archived for legal, compliance and security reasons for 3 years (read more in the Legal, compliance and security section).

Other processing activities

Aside from providing you with the Midy services, we also process your personal data for additional reasons. These concern our ability to conduct our business activities in compliance with both regulations and our partners’ and users’ expectations, and to ensure you can access our services quickly, easily – and most important of all – securely. Here are the details of this additional processing.

Improvement and development of services 

Developing and improving Midy includes building and improving our technology together with our service providers (such as our machine learning technologies and algorithms) and developing and testing new processes to better verify a user’s identity and/or detect fraud. For example, we may need to train models to recognize a novel fraud attack, a new version of an ID document or to minimize bias and improve performance. As part of this work, we train our technology to recognize specific patterns in information and make predictions about new sets of information based on those patterns. We also train our human analysts to perform those tasks so they can assist when our machine learning models aren’t best suited for the task or are still learning. Sometimes, we’ll also re-run and re-submit checks to ensure our verification services are working properly, particularly when testing a new feature or service for quality checks. 

Information used: ID image, Photo/video, Extracted ID information, Identifiers

Legal basis: Legitimate interests

Duration of storage: 35 days

Metrics and analytics

We will analyze data for the following purposes:   

1. Contractual obligations – to calculate the number of users signed up, to track the number of users for each business partner and the transactions performed in each month associated with each partner and to check consistency and validity of the calculations.
2. Business Intelligence – to measure the progress of Midy (number of installs, registrations, transactions) and its adoption across various countries and time, and to check consistency and validity of data.

Information used: Identifiers, Transaction records

Legal basis: Service provision, legitimate interests (for aggregate business intelligence) 

Duration of storage: 2 years (aggregated non-personal data may be used further for reporting and maintaining business records) 

Communication with customers (feedback, support)

We process data:

• To provide you with service information, customer and technical support;
• To collect customer feedback.

Information used: Contacts, Transaction records, information provided by you within the communication (e.g. information relating to your ID, identifiers, descriptions of the issue)

Legal basis: Service provision, consent for voluntary surveys and feedback collection 

Duration of storage: 3 years

Fraud checks, including device integrity and fraud signals 

Together with our service providers, we leverage a number of different fraud detection capabilities. We analyze the metadata associated with the user’s selfie video and the image or video of their identity document to identify whether any editing software can be detected and to assess the likelihood that the user is genuine. 

We also check whether we have previously verified a user by comparing the submitted information (information related to scanned ID, Extracted ID information and Face scan data) to information we have previously verified. This helps us verify users’ identities but further protects us and our users from fraud by helping us understand when a user may be generating multiple identities, editing and tampering with documents or manipulating device or network information. 

Information used: ID image, Extracted ID information and Face scan data, Identifiers 

Legal basis: Service provision, Legitimate interest

Duration of storage: as long as necessary for the detection of fraud

Legal, compliance and security

As a business we have to ensure necessary internal administrative and commercial processes (e.g. finances, business intelligence, legal & compliance, information security etc.), prove our services and transactions were carried out properly and, if necessary, defend our rights.

We also collect information from your device to comply with global legal obligations and the increasing number of biometric and privacy laws that apply to identity verification services. This is done in cooperation with our partner Onfido Inc. and in accordance with their Privacy Policy. For this purpose, your broad geographic location (e.g. country or city-level location) is collected, either directly or by approximating this based on your device’s IP address. This enables us to provide a localized service and collect any necessary biometric consents where required to meet our legal obligations.

Information used: Identifiers, Transaction records, Contacts, Communications, Location approximated from the IP address

Legal basis: Legal obligations, Legitimate interest

Duration of storage: 3 years (IP address is kept for 35 days only)

How We Use Other Providers

Service Providers

We may use contractors and service providers to process your personal data for the purposes described in this Privacy Policy. We contractually require service providers to keep data secure, confidential and use it only for the purposes of our agreement with them.

Amazon 

We store data in the Amazon Web Services cloud platform in the US (read their privacy information). Amazon is self-certified under the Data Privacy Framework for transfers of data outside EEA, UK and Switzerland.

Twilio 

Twilio helps us with the authentication of your email address or phone number. They deliver a security code to you during the account creation, and they keep audit logs containing either an email address or phone number with a timestamp. Twilio is self-certified under the Data Privacy Framework for transfers of data outside EEA, UK and Switzerland.

Onfido Inc.

Onfido helps us verify users’ identity, carry out document and face checks and provide user authentication services (see the Main features section for more detail).

Onfido also keeps logs of how you interact with their services; it does this to comply with legal and regulatory obligations, monitor the security and performance of their service and to make improvements to it. This includes timestamps of when the information was submitted to Onfido, the method used to upload information and information about the device used to submit that information.  Onfido pseudonymizes, aggregates and/or de-identifies information for statistical analysis and business insight reporting. The processing is performed in accordance with their Privacy Policy.

Data of users residing in the United Kingdom or the European Economic Area are stored in the UK. In case data is transferred outside EEA, UK or Switzerland, such transfer to Onfido will be based on the standard contractual clauses or other available legal instruments.

Other service providers

These service providers may include external customer support providers, professional consultants including to defend or to exercise our rights, and software suppliers such as office apps providers.

Cookies 

Our websites use cookies to personalize your experience on our sites – to tell us which parts of our websites people have visited, to help us measure the effectiveness of campaigns, and to give us insights into user interactions and user base as a whole so we can improve our communications and products. While using our websites, you will be asked to authorize the collection and use of cookie data through a cookie banner with the detailed settings and information about categories of cookies.

How We Store and Transfer Your Personal Data

We are a global business that provides products and services all around the world.  As part of our business, we may store and transfer data across the Gen group, its subsidiaries and affiliates, and third-party service providers. Data can be located in places where we offer Midy services and/or where we have our offices, infrastructure or data centers. 

Midy is part of Gen™. The intra-group transfers within the Gen Digital Group are covered by the EU-U.S. Data Privacy Framework, UK Extension to the EU-U.S. Data Privacy Framework and Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce regarding the transfer of personal information from the European Economic Area (EEA), the United Kingdom, and Switzerland to the United States. Check here to access the Gen Digital Inc. Data Privacy Framework Notice. 

Before we move data across our infrastructure or to third parties, we look at the risks that may be presented to the data. We require third parties to maintain the same protections over your data that we provide directly. For data originating from the European Economic Area we rely on standard contractual clauses (SCCs), where applicable, or other available mechanisms to ensure your data rights are protected. To request information on particular data transfers or a copy of the particular SCCs, please contact us here.

Situations where we transfer personal data outside of the EEA include: allowing access to personal data stored in the cloud storage to personnel located outside the EEA, the provisioning of our products and services and third-party services related to it, and the delivery of support services. Further, an outside-EEA transfer may also occur in case of a merger, acquisition or a restructuring, where the acquirer is located outside of the EEA. 

How Long We Keep Your Personal Data

We retain the data only as long as needed to provide our services, or where it’s necessary to protect our legitimate interests and rights – as well as the rights of our users or service providers. The respective retention periods are always subject to maximum time frames imposed by applicable laws. Specific retention periods are described in the Main features and Other processing activities sections. Where we have a legitimate legal reason, we may also store information for longer than described above – for example, where we are under a binding legal order not to destroy information.

How We Disclose Your Personal Data

We have an internal policy and process to make sure that we only disclose personal data when it is legitimate and compliant with the applicable laws. If we do not have access to your personal data (e.g. when it is stored only locally on your device) or if it is encrypted, and we do not have the decryption key, we cannot provide any information.

Where we have access to personal data we may disclose it: (a) to our contractors and service providers as described above, (b) to any governmental authority where required by law, (c) in response to a court order, subpoena, discovery rule, or other lawful request, (d) as otherwise required under any applicable law, rule, or regulation, (e) in good faith, if an investigation is required (for example, as a result of a potential privacy breach or unauthorized transaction(s)), or (f) to protect or defend our rights or property or those of other persons.

Mergers, Acquisitions and Corporate Restructurings

Like any other company, we too go through our own cycle of growth, expansion, streamlining and optimization. Our business decisions and market developments affect our structure. As a result of such transactions, we may transfer your personal data to a related affiliate in order to maintain our relationship with you and continue providing you services.

If we are involved in a reorganization, merger, acquisition or sale of our assets, your personal data may be transferred as part of that transaction. We will notify you of any such deal and outline your choices in that event, when applicable. Information, including personal data relating to our business, may be shared with other parties in order to evaluate and conclude the transaction. This would also be the case if we were required by law to make such changes.

Privacy rights

You have the following rights regarding the processing of your personal data:

• Right to information: Right to receive information about the processing of your personal data, prior to processing as well as during the processing, upon request.
• Right of access: You have the right to receive a copy of your personal data that is processed by us.
• Right to rectification: We should process accurate personal data; if you discover inaccuracy, you have the right to seek correction of inaccurate personal data.
• Right to erasure (“right to be forgotten”): You have the right to erasure of your personal data, but only in specific cases stipulated by law, e.g., if there is no legally recognized title on our part for further processing of your personal data (incl. protection of our legitimate interests and rights).
• Right to data portability: You have the right to receive personal data which you have provided and is being processed on the basis of consent or where it is necessary for the purpose of conclusion and performance of a contract, in machine-readable format. This right applies exclusively to personal data where processing is carried out by automated means.
• Right to object: Applies to cases of processing carried out in legitimate interest. You have the right to object to such processing, on grounds relating to your particular situation, and we are required to assess the processing in order to ensure compliance with all legally binding rules and applicable regulations. In case of direct marketing, we shall cease processing personal data for such purposes after the objection.
• Right to withdraw consent: In the case of processing based on your consent you can withdraw your consent at any time, by using the same method (if technically possible) you used to provide it to us (the exact method will be described in more detail with each consent when you provide it). The withdrawal of consent shall not affect the lawfulness of processing based on your consent before its withdrawal.
• Right to restriction of processing: You have the right to restriction of processing of your personal data if: (i) you are contesting the accuracy of your personal data, for a period enabling us to verify the accuracy of your personal data; (ii) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead; (iii) we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims; or (iv) you have objected to processing of your personal data, and there is a pending verification whether our legitimate grounds override your interests.
• Right to contact a supervisory authority: You may lodge a complaint with the supervisory authority.

You can submit your requests relating to your data subject rights through our contacts described below (Contact Us).

The fulfillment of your rights listed above will depend on the category of personal data and the processing activity. In all cases, we strive to fulfill your request. We will action your request within the time frames set by the applicable laws. When we are faced with an unusually large number of requests or particularly complicated requests, the time limit may be extended in accordance with the applicable laws. If we fail to meet these deadlines, we would, of course, prefer that you contact us to resolve the situation informally.

If you are a California resident, you may have certain additional privacy rights (see below).

California Privacy Rights

This section applies to you if you are a resident of the state of California, and it explains your privacy rights, as well as other information about our treatment of California residents’ information. 

Information about processing

• Categories of collected personal information. To provide our services and for other business purposes described in this policy, we collect certain categories of your personal information. You can see all of these categories listed in the Main features and Other processing activities sections. Generally, these categories include identifiers and contact information; customer records information (transaction records) and account log-in; characteristics of protected classifications (e.g. when you ask us to verify your age); ID and partner document information including driver’s license, state identification card, education credentials or passport number; device/network data and geolocation data; biometric information (facial recognition data) used for the verification services; audio/visual information (images, videos and audio recordings); inferences drawn from other information. Midy is not targeted at minors under 16 years of age. We do not use or disclose your sensitive personal information for purposes other than the limited purposes permitted by the California Consumer Privacy Act.
• Sources from which the personal information is collected. Our primary source of your personal information is you – we collect this information when you provide it in a form, for instance, when you’re signing up for an account, when you upload ID or partner documents or when you communicate with us. Certain information related to your identity verification and ID data is provided by our verification service providers (identity check results). Technical identifiers and transaction records are created automatically when you set up your account or when you use the verification service. For security, metrics, analytics and business intelligence purposes, we may create or infer additional information from the collected information.
• Business or commercial purpose for collecting or selling personal information. You can find all our purposes for processing your personal information in the Main features and Other processing activities sections.
• Categories of third parties with whom the business discloses, sells, or shares personal information. You can find categories of recipients of personal information listed in the How We Use Other Providers section. Midy does not sell or share (as such terms are defined in the California Consumer Privacy Act) your personal information. The third-party recipients may include external customer support providers (categories of data used: identifiers, contact details, customer records, commercial information, characteristics of protected classifications – age, app activity information); professional consultants including to defend or to exercise our rights (categories of data used: identifiers, contact details,  customer records, commercial information, characteristics of protected classifications – age, app activity information); cloud storage providers (categories of data used: identifiers, contact details, customer records, commercial information, characteristics of protected classifications – age, app activity information and software suppliers such as office apps providers (categories of data used: identifiers, contact details, customer records, commercial information).
• How long we store your personal information. You can find retention periods for specific categories of data in the Main features and Other processing activities sections.

Your Rights

You have the right to:

• know what personal information is being collected about you and how it’s processed;
• know whether your personal information is sold, shared or disclosed, and to whom;
• request that we correct the personal information we have about you that is incorrect;
• say no to the sale or sharing of your personal information (right to opt out). In that respect, we’d like to note that Midy app does not sell or share personal information, nor has it sold or shared any personal information in the past 12 months – of either adults or minors under the age of 16.
• limit the use and disclosure of your sensitive personal information;
• request deletion of your personal information; information will be deleted if no exception applies (including our right to defend our lawful interests);
• access your personal information; specific information shall be provided in a portable and, to the extent technically feasible, in a readily useable format but not more than twice in a 12-month period;
• non-retaliation, including the right to receive equal service and price, even if you exercise your privacy rights (also known as the right to non-discrimination).

Right To Opt Out Of Sale or Sharing

Midy app does not sell or share your personal information. That being said, if you have any questions or concerns about the use of your personal information, do feel free to submit a privacy request following the instructions below.

Request Submission

You can submit your requests using contacts indicated below in the Contact Us section. We may ask you to provide information to verify your request and related account. You can also designate an authorized agent to exercise these rights on your behalf. We may require that you provide the authorized agent with written permission to act on your behalf and that the authorized agent verify their identity directly with us.

Contact Us

If you live in the EEA, Switzerland or United Kingdom, the controller of data is NortonLifeLock Ireland Limited, Orion Building Ballycoolin Business Park Blanchardstown 15 Dublin, Ireland. The representative established in the UK is NortonLiIfeLock UK Limited, 100 New Bridge Street, London, England EC4V 6JA.

To exercise any of your rights, or if you have any other questions or complaints about our use of your Personal Data and its privacy, write our Privacy Team through the most convenient channel below:

You can submit your privacy requests through our email at privacy@midy.com.

If you prefer, you can send paper mail to NortonLifeLock Foreign Holding II Inc., 60 East Rio Salado Parkway, Suite 1000, Tempe AZ 85281. Be sure to write “Attention: MIDY PRIVACY” in the address so we know where to direct your correspondence.

Changes

We’ll update this policy whenever we make material changes to our practices, and we’ll announce it to let you know. We hope you’ll find any changes agreeable, but if you’re not comfortable with changes to the info we collect or how we use it, we understand your choice to stop using our service.