Version 3.0 Date: May 2018
The EU General Data Protection Regulation (the "GDPR") and the Data Protection Act 2018 seek to protect individuals against interferences with their privacy by regulating the way personal data are collected, handled, disclosed, used and stored.
Morpho UK Limited ("Morpho") understands the importance of, and is committed to, protecting data subjects' personal data. For the purposes of the Data Protection Regulation Morpho UK Limited is a joint data controller working jointly with The Minister for the Cabinet Office as represented by Government Dig Digital Services (GDS). Morpho is part of the IDEMIA Group of Companies ("IDEMIA Group") which is a global organisation.
This policy sets out how Morpho aims to protect the privacy of personal data, your rights in relation to your personal data managed by Morpho and the way Morpho collects, holds, uses and share personal data. This policy explains how we use the personal data we collect about you when you use our website and applications to access government websites. This policy may be updated from time to time.
1.1 Purposes for which Morpho collects Personal data
- To provide you with SecureIdentity Services, in a secure way
- To verify your identity, including during account creation, revalidation and recovery processes
- To enhance or improve your user experience
- To maintain and improve the quality of the service we provide
- To maintain and improve our Customer Services
- To respond to inquiries and resolve complaints and disputes
- To detect Identity fraud. We reserve the right to report to any appropriate agency or other relevant body any suspicious activities encountered by Us in relation to Your interaction with Morpho as part of the Services. If we pass this information to the Government Digital Service, they may report this information to other appropriate agencies or relevant bodies. The agency or relevant body will process your personal data for the purpose of detecting and preventing identity fraud.
- To comply with applicable laws and regulations and orders of a competent authority
- Personal data collected by Morpho may also be used for secondary purposes provided that it is compatible with the purpose for which it was initially collected. The Scientific research and statistic activities are compatible purposes. IDEMIA Identity & Security, the mother company of Morpho, may keep your data in order to develop and improve our products and services. Morpho will only keep personal data for these purposes for time period not exceeding one year and will be pseudonymised. Once information is no longer required Morpho will destroy such information.
1.2 The types of personal data that Morpho may collect and hold
1.2.1 Personal data that Morpho may collect include:
- Your full name
- Your date and place of birth
- Your postal address
- Your email address
- Your telephone number
- Your user ID (application store account)
- Your gender
- The data necessary to identify the date, time and duration of a communication
- Your static or dynamic IP address
- Characteristics of your software platform (Operating System, Browser)
- Your passport details, (including the photo)
- Your Driving License details
- Your Marriage Certificate details
- Your Birth Certificate details
- Your bank account number
- A photo of your face (selfie)
1.2.2 Personal data that Morpho may hold
Morpho may hold all of the data mentioned in the above paragraph 1.2.1, except for the photo of your face and the photo of your passport. Both photos are immediately deleted after they are matched. However, the photos may be kept for scientific research and statistical activities in order to develop and improve our products and services. (as explained in paragraph 1.1)
1.3 How does Morpho collect your personal data
1.3.1Personal data collected from you
Morpho usually collects personal data directly from you. Optionally, you may also provide a photo of your passport and provide a photo of your face (selfie). We will compare them using biometric identification (face recognition). Morpho requires you to complete a consent form to acknowledge that you are fully aware of the collection and processing of your personal data.
1.3.2 Personal data not obtained directly from you
Morpho may also check your personal data against publicly available information and information already present in our partner companies' databases in order to verify your identity and ensure that you are the person you are claiming to be.
Personal data that Morpho may check, include:
- Your Credit Record History. This identity check has no impact on Your credit rating. We will not use your data collected during the verification or sign-in process for any other purpose. This verification sets a 'soft' marker on your credit reference agency file, showing it was used for the purpose of verifying your identity. 'Soft' means that only you will be able to see the marker (so you would know if someone else had used it for that purpose).
- Your Electoral Roll History
- Your financial court orders records (CCJ, IVA, DRO, Bankruptcy)
- Your record in the Land Registry
- Your Directors Register record
We might in certain circumstances verify if you are active on social networks.
1.4 How long does Morpho keep your personal data
Morpho will keep your data for as long as necessary in order to provide you with the services available on our website and applications.
Morpho may also keep your contact details to send you important service messages in order to run the service provided.
Morpho may also keep your contact details, with your consent (opt-out), for direct marketing in connection with the service provided.
Morpho may keep records of your activities for seven (7) years after the date on which your identity account is closed, to handle complaints or disputes that may arise.
Morpho will keep your personal data to the extent necessary to comply with all applicable laws, regulations and code of practices.
Morpho will keep your photos (passport's and selfie) for the duration of the matching (a few seconds only).
1.5 Sharing your personal data
1.5.1 Disclosure of personal data by Morpho
Morpho may share personal data with:
- Government Digital Service (GDS): the DVLA, the HMPO and any other relevant HMG Department in connection with the provision of the Evidence Checking Services
- the head office of the IDEMIA Group, IDEMIA SAS based in France, for the following purposes
- Storage and processing purposes
- Anonymous statistical purposes
- Research activities purposes
- Maintenance and support
Morpho ensures that all personal data is handled by IDEMIA SAS, France in accordance with the GDPR.
Appropriate security measures are put into place.Where possible the personal data used for the abovementioned purposes will be pseudonymised, de-identified or anonymised.
- Its subcontractors, help desk service, data aggregator service, post code checking service (including without limitation third party fraud-prevention agencies and credit agencies) to verify your identity during the SecureIdentity registration process and to provide customer care
Morpho will not sell, rent or otherwise disclose your personal data to third parties without your informed prior consent.
Morpho may also share your personal data if it is required to do so by virtue of any legal obligations (such as law enforcement, tax), or in order to enforce Morpho's terms and conditions (see the document at http://help.secureidentity.co.uk).
1.5.2 Overseas disclosure by Morpho
Morpho does not transfer personal data outside the European Economic Area
It will also ensure that its processors will not transfer personal data outside the EEA, unless the transfer is handled in compliance with the GDPR.
1.5.3 Marketing communications
Your information may be used by SecureIdentity (Morpho UK) for its own marketing purposes in connection with the service provided. We will require your consent (opt-in). your marketing preferences can be modified.
Morpho will not sell or rent your personal data to any third party for marketing purposes without your explicit consent (opt-in).
1.5.4 Security and Storage of your information
Morpho takes the security and confidentiality of personal data very seriously. Your information will be stored and processed on our servers based in the European Union.
Morpho takes all reasonable steps to protect your personal data using technical, organisational, and security measures to reduce the risks from misuse, interference and loss; and from unauthorised access, modification or disclosure. This includes as a minimum:
- limiting physical access to our premises
- limiting access to the information Morpho collect about you
- limiting which personnel are authorised to access your data only to those needed to perform the service that Morpho provides you
- Firewalls filter, data encryption
- Putting in place physical, electronic, and procedural safeguards in line with current relevant industry standards.
1.6 Customer care
Your communications with our Customer Services (by post, mail, telephone or live chat) may be monitored and recorded for training, quality control and compliance purposes.
1.7 Access to your personal data and your data protection rights
Right to access, right to rectification, right to erasure, right to the restriction of the processing, right to data portability, right to object
Access right: within the limit of applicable law, you have the right to access the personal data Morpho holds about you. Morpho shall use reasonable endeavours to provide you access to your personal data without undue delay and where possible within 30 calendar days of receiving any request from you
Rectification right : You have the right to have personal data about you rectified if it is inaccurate, out of date, incomplete, irrelevant or misleading.
Right to object: you have the right to object to the processing of your data within the limits set by the regulation
Right to the restriction of the processing: You have the right to freeze the processing of personal data in the following case
- If the accuracy of your personal data needs to be verified,
- If the legal basis for processing your personal data is disputed and needs to be reconsidered
- If Morpho does no longer need you data but you require them for the establishment, exercice or defense of claim
- You object to the processing pending the verification whether Morpho legitimate grounds override your rights
Right to data portability: this rights applies to personal data which you provided us and that we use on the basis of your consent or to provide a contract you have the right to receive the information you gave to us back in a "machine-readable" format.
Right to object to automated decision making: where automated processing has taken place where consent has been given or under a contract and where the processing has a legal or similarly significant effect, you have the right to a human intervention .
Right to withdraw consent: when we process data based on your consent you have the right to withdraw that consent at any time
The SecureIdentity service website (www.secureidentity.co.uk/my-account) can also give you a copy of the personal data you provided Us and which we process.
If you would like to make a direct request to us, you can send us a letter or contact us by email (see 1.9 "contact Us").
You acknowledge that in the event that our website or applications link to third party sites or apps, those third party sites and apps may have their own policies in relation to data protection and privacy. We advise that you read any such policies, and you acknowledge that besides the GDPR scope of application, Morpho shall have no responsibility or liability for the use of your personal data by any such third parties.
1.9 Contact Us
If you have any questions, complaints or concerns about how we use your personal data, you can contact us by writing to SecureIdentity Data Protection Officer, 255 Wharfedale Road, Winnersh Triangle, Wokingham, Berkshire, United Kingdom RG41 5TP or by email at firstname.lastname@example.org.
Where a request is received by postal letter or email, Morpho will take all the necessary steps to verify that it is you making the request before granting access or making corrections to your personal data. Morpho reserves the right to charge a £10 fee in order to provide you with the personal data you request. Morpho shall use reasonable endeavours to provide you access to your personal data within 30 calendar days of receiving any request from you.
If you are concerned on how SecureIdentity handled your personal data, you may send a complaint using one of the following methods:
- Email us: email@example.com
- Call us: phone on 0330 100 0103
The help centre is open:
Monday to Friday: 8am to 10 pm
Saturday and Sunday: 8am to 5pm
For support in Welsh, please call us: 0330 100 0103
- Send us a letter: SecureIdentity Data Protection Officer, 255 Wharfedale Road, Winnersh Triangle, Wokingham, Berkshire, United Kingdom RG41 5TP
You will receive a response within a reasonable period, but no later than 30 days.
However, should you consider that your complaint has not been dealt with care, you may decide to contact directly the Information Commissioner's Office (ICO) by:
- Phone: 0303 123 1113
- Letter: Information Commissioner's Office, Wycliffe House Water Lane, Wilmslow, Cheshire, United Kingdom SK9 5AF
- Website: https://ico.org.uk/
2.1 What are cookies?
Cookies are small text files stored on your computer by your browser. They are used for many reasons, such as remembering whether you have visited the site before, so that you remain logged in - or to help us work out how many new website visitors we get each month. They contain information about the use of your computer but do not include personal data about you (they don't store your name, for instance).
This Policy applies to our websites and our mobile applications (individually and collectively referred to in this Policy as "the Website").
Any changes to this Policy will be posted here. We reserve the right to vary this Policy from time to time and such changes shall become effective as soon as they are posted. Your continued use of the Website constitutes your agreement to all such changes.
2.3 What categories of cookies may be used?
The following types of cookie may be used on this Website. We don't list every single cookie used by name - but for each type of cookie we tell you how you can control its use :
- Strictly Necessary Cookies
These cookies are essential, as they enable you to navigate this Website and use its features, such as accessing secure areas. These cookies allow this Website to provide services at the request of users.
Without these cookies, services you have asked for cannot be provided.
- Performance Cookies
Performance cookies allow us to update this Website to cater for Website user preferences and improve performance. They collect information about how this Website is used, e.g. which pages users visit most often and where error messages are delivered.
- Functional Cookies
Functional cookies allow this Website to remember choices you make, e.g. your user name, log in details and language preferences and any customisations you make to Website pages during your visit. They are necessary to provide features and services specific to individual users.
- Targeting Cookies
These cookies collect information about your browsing habits on this Website in order to make advertising both on this Website and other websites you subsequently visit relevant to you and your interests, to limit the number of times those adverts are served to you and to help measure the effectiveness of advertising campaigns
|Web Site||Site||Name of cookie||Expiry period||Purpose||Company||Cookie Type|
|Helpcenter||secureidentityuk.zendesk.com||_zendesk_shared_session||Session cookie||help services||Zendesk||Necessary cookies|
|Helpcenter||secureidentityuk.zendesk.com||_zendesk_session||Session cookie||help services||Zendesk||Necessary cookies|
|Helpcenter||help.secureidentity.co.uk||_zendesk_shared_session||Session cookie||help services||Morpho||Necessary cookies|
|Helpcenter||help.secureidentity.co.uk||_help_center_session||Session cookie||help services||Morpho||Necessary cookies|
|Verify||verify.secureidentity.co.uk||JSESSIONID||Session cookie||GOV.UK verify service||Morpho||Necessary cookies|
|Verify||verify.secureidentity.co.uk||JSESSIONID||Session cookie||GOV.UK verify service||Morpho||Necessary cookies|
|Service Web site||.secureidentity.co.uk||__hssc||Persistent - 30 minutes||Under review||Morpho||Site experience cookies|
|Service Web site||.secureidentity.co.uk||__hssrc||Session cookie||Under review||Morpho||Site experience cookies|
|Service Web site||.secureidentity.co.uk||__hstc||Persistent - 2 years||Under review||Morpho||Site experience cookies|
|Service Web site||.secureidentity.co.uk||_ga||Persistent - 2 years||Under review||Morpho||Site experience cookies|
|Service Web site||.secureidentity.co.uk||_gat_cTrack||Persistent - 10 minutes||Under review||Morpho||Site experience cookies|
|Service Web site||.secureidentity.co.uk||_gat_iTrack||Persistent - 10 minutes||Under review||Morpho||Site experience cookies|
|Service Web site||.secureidentity.co.uk||cookie-agreed||Persistent - 4 months||Under review||Morpho||Site experience cookies|
|Service Web site||.secureidentity.co.uk||has_js||Session cookie||Under review||Morpho||Site experience cookies|
|Service Web site||.secureidentity.co.uk||hsfirstvisit||Persistent - 10 years||Under review||Morpho||Site experience cookies|
|Service Web site||.secureidentity.co.uk||hubspotutk||Persistent - 10 years||Under review||Morpho||Site experience cookies|
|Service Web site||.doubleclick.net||id||Persistent - 2 years||Advertising (low impact)||DoubleClick, Google Inc.||Marketing, anonymous cross site tracking cookies|
|Service Web site||.youtube.com||-||Persistent or sessions cookies||-||YouTube, LLC||Performance, operation cookies, marketing, anonymous cross site tracking cookies|
|Service Web site||.secureidentity.co.uk||qtrans_front_language||Persistent - 1 year||Under review||Morpho||Site experience cookies|
2.4 Setting your cookie preferences
You can disable cookies or delete existing cookies via your web browser, however if you use the settings in your web browser to disable or delete cookies you may not be able to access or use some or all of the Website. For more information about cookies you can visit: www.allaboutcookies.org
2.5 For more information about cookies
- Guide to online advertising and privacy
- ICC UK cookie guide
Version 3.0 Date: May 2018