We understand our responsibility to protect your privacy and we will work hard to protect your information and put you in control.
The Company is domiciled in UK at the following address:
Aikaki Limited, Hallings Hatch Parkgate Road Newdigate Dorking RH55DY, UK
All data storage infrastructure is located solely within UK and Europe and thus governed by the laws and regulations of the UK and European Union.
Our company’s overriding policy is to collect as little user information as possible to ensure a completely private user experience when using the Service.
Service's user data collection is limited to the following:
Account creation: Any user signing up for a User Account on OkularID is requested for the following personal information, as defined and protected by the General Data Protection Regulation (GDPR).
In order to use the secured services features of our services, including but not limited to Remote ID Proofing, Passwordless Access and Secured Document Sharing, a user will need to provide additional personal information as mentioned below:
Photograph of the user
Geo location including Longitude and latitude
Front and Back picture of valid ID Proof provided by the user
Further, our applications/services predict the approximate age of the user using AI, extract information such as Name, Date of Birth, Address and the photograph of the user from the ID Proof.
Other Personal Information Collected during Use: We may also collect geolocation of your device and IP address during your use of the services other than secured services as well.
2. Why is this data required and/or processed and the Legal Basis of Processing?
Account Opening Related Data: In order to maintain integrity of the Service, OkularID must take measures to avoid creation of accounts by spammers. Each User Account is unique and associated with an individual. Therefore, a unique identifier for each user is used to facilitate service between one or more users of the service. The legal basis for processing is User Consent under Article 6(1)(a) and for performance of contract under Article 6(1)(b) of GDPR. Further, this data is processed based on explicit consent provided by User in line with Article 9(2)(a) of GDPR. You are free to delete your User Account and remove that data in the account panel of your OkularID User account.
Verification: Such data will only be used to contact you with important notifications about OkularID, to send you information related to security, to send you an invitation link to create your User Account, to verify your User Account or to send you remote verification links. We may also inform you about new OkularID features in which you might have an interest. You are free, at any given time, to opt-out of those features by contacting us at email@example.com. The legal basis for processing is User Consent under Article 6(1)(a) and for performance of contract under Article 6(1)(b) of GDPR. Further, In order to pursue our legitimate interest of preventing the creation of accounts by spam bots or human spammers, OkularID uses a variety of human verification methods. You may be asked to verify using either reCaptcha, Email, or SMS. IP addresses, email addresses, and phone numbers provided are saved temporarily in order to send you a verification code and to determine if you are a spammer.
Unauthorized Login: In order to detect unusual activity from your User Account, geolocation and IP addresses are used to ascertain only genuine users are using the services, and any suspicious activity is reported to the user. The legal basis for processing is User Consent under Article 6(1)(a) and for performance of contract under Article 6(1)(b) of GDPR and the processing is done to prevent unauthorized use of Service and protection of user’s interest, thereby maintaining integrity of the Service. Any personal information, so collected, is stored in encrypted form on OkularID’s servers.
Secured Services: In order to provide Secured Services, we would need your photograph, geolocation. All users are hereby made aware, prior to providing consent, that user’s live photograph and matching it with previously stored Photograph of the user is at the core of proprietary, patent pending technology that enables the secured features of our services. Further, elaborated below are the features of the current applications for which we collect the data: Remote ID Proofing: Scan/photo of valid ID proof of the user, Live photograph of the face of the user, geo location of the user; Passwordless Login: Live photograph of the face of the user, geo location of the user; Secure Document Sharing: Document/file in encrypted format, Live photograph of the face of the user, geo location of the user; Live photograph of the face of the receiver, geo location of the receiver. Taking live photograph of the user is one of the crucial steps in providing the services. Therefore, without these, the secured services would not work and hence OkularID would need your explicit, free and informed consent to process your photograph to enable secured services. The legal basis for processing is User Consent under Article 6(1)(a) and for performance of contract under Article 6(1)(b) of GDPR. Further, this data is processed based on explicit consent provided by User in line with Article 9(2)(a) of GDPR.
Communicating with OkularID: Your communications with the Company, such as support requests, bug reports, or feature requests may be saved by our staff. The legal basis for processing is User Consent under Article 6(1)(a) and for performance of contract under Article 6(1)(b) of GDPR and the processing is done to troubleshoot more efficiently and improve the quality of the OkularID service.
Payment Information: The Company relies on third parties to process credit card, PayPal, and other payment gateways and hence the Company necessarily must share payment information with third parties. The legal basis for processing is User Consent under Article 6(1)(a) and for performance of contract under Article 6(1)(b) of GDPR.
3. Data Use
We currently do not have any advertising on our mobile app. Any personal data that we do have will never be shared except under the circumstances described below in the Data Disclosure Section. We do NOT do any analysis on the limited data we do possess. All personal information collected from you is solely used for delivering and improving the Service.
4. Data Storage
All servers used in connection with the provisioning of the Service are located in UK, Europe and US and are rented by the Company from third party service providers. Only employees of the Company have physical or other access to the servers. Data is ALWAYS stored in encrypted format on servers. Offline backups may be stored periodically, but these are also encrypted. We do not possess the ability to access any user encrypted content on either the production servers or in the backups and we strictly do not access any of your content shared with other users via secured services.
5. Data Retention
All personal information collected is retained till you delete your user account.
The data records are deleted automatically once You request account deletion. Please note that OkularID shall not be responsible for providing data requests after the User Account has been deleted. Deleted data may be retained in our backups for a few days due to the standard process. Active User Accounts will have data retained indefinitely.
6. Right to Access, Rectification, Erasure, Portability, and Right to lodge a complaint
A user may access and view personal information associated with said User through the User Account section in the mobile app.
Alternatively, any user may write an email/post-mail to Data Protection Officer for OkularID and request a copy of their personal information, as held by the Company, or request modification or deletion of their personal data. Subject to technical limitations, such request shall be entertained by the Company and the User shall be informed.
OkularID Data Controller
Data Protection Officer
Aikaki Ltd, Hallings Hatch Parkgate Road Newdigate Dorking RH55DY, UK
The Company, on receiving such request from a user, shall attend to the request made by the user and do the needful within 7 days from date of such request.
If your User Account has been suspended for a breach of our terms and conditions, and you would like to exercise the rights related to your personal information, you can make a request to our support team.
In case of violation of your rights, you have the right to lodge a complaint to the competent supervisory authority.
7. Data Sharing
Your data is not sold by us and not shared with any other entity for any commercial purpose. However, certain payment related information may be shared with third-party payment processing companies for subscription fee.
In case you are using our services of Remote ID Proofing, we may have to share the information including your photograph, ID Proof, facial scan and geo location with the third party who is requesting your remote ID Proofing. The same is done only and specifically with your explicit consent.
However, in case you are using our services as a part of your employment with your employer and your employer is offering you our services for providing you Remote ID Proofing, Passwordless access, Secured Document Sharing and other secured services, for their purposes, we may have to share such data with your employer as a part of our contractual relationship with your employer.
8. Data Disclosure
We will only disclose the limited user data we possess if we are instructed to do so by a fully binding request coming from the competent UK authorities (legal obligation). While we may comply with electronically delivered notices (see exceptions below), the disclosed data can only be used in court after we have received an original copy of the court order by registered post or in person, and provide a formal response.
If a request is made for encrypted content that OkularID does not possess the ability to decrypt, the fully encrypted content may be turned over. If permitted by law, OkularID will always contact a user first before any data disclosure.
OkularID may from time to time, contest requests if there is a public interest in doing so. In such situations, the Company will not comply with the request until all legal or other remedies have been exhausted.
We will share information with third parties who perform services on our behalf, including who provides data processing capability on behalf of us and for maintenance purposes. We partner with GDPR compliant data processors only after a binding data processing agreement is entered into with said partners.
This policy is effective as of 20th August 2022