Privacy & Cookies Policy
In compliance with current regulations on the protection of personal data you are informed of the following aspects.
This Privacy Policy together with the Terms and Conditions , and any other documents referred on it, sets out the basis on which any personal data we collect from You, or that You provide to us will be processed by us. The definitions in the Terms and Conditions also apply to this Privacy & Cookies Policy.
We respect your privacy and are committed to protecting it through our compliance with applicable privacy and data protection laws and regulations. Please, read this privacy policy carefully to understand our policies and practices regarding your Information and how we will treat it. If you do not want your Information to be processed as set out in this privacy policy, please do not provide any personal data to us and do not use AgeGO.
1. DATA CONTROLLER
Age Verification Technology, S.L. (hereinafter, “AgeGO”) with VAT B67394494 and address at 16 Marina, 08005 Barcelona is the Data Controller of your personal data.
You may contact AgeGO at the postal address previously indicated or at the following email address for any query, request or clarification regarding the processing of your personal data: info@agego.com.
2. APPLICABILITY OF THIS PRIVACY POLICY
This Privacy Policy applies to the information we collect:
- On AgeGO; or
- In email and other communications between You and AgeGO.
It does not apply to information collected by:
- Any other website operated by us (or our affiliates and group companies);
- Any website operated by a third party, including those operated by the Business Customer; or
- Any application or content (including advertising) that may link to or be accessible from or on AgeGO.
This Privacy Policy applies to anyone who visits or uses AgeGO. The personal data that we collect about our users depends on which type of user they are:
- “End User” means the individual who either use AgeGO or create an account with AgeGO, in order to have their age verified so they are able to access age restricted content and/or access to websites that have restricted content and/or websites, which restrict access to certain features.
- “Business Customer” means the online services provider company in favor of which AgeGO is rendering the Services, and with which the End User wants to execute the transaction; or whose online services and/or content the End User wants to access.
- “User” means anyone who visits the website or uses AgeGO (including End Users and Business Customers.
3. DATA PROTECTION
In compliance with the General Data Protection Regulations (“GDPR”), the age-verification system included in AgeGO fulfills all the following:
- It has been designed with GDPR in mind, ensuring End Users privacy is protected by default.
- End Users are told why, when, where and how their personal data will be processed, and by which organizations.
- AgeGO will process the minimum amount of data necessary to achieve the verification of the age; additionally, personal data will only be collected when necessary, irrespective of whether it is subsequently securely deleted. Only when there is an appropriate lawful basis there will be a procession of personal data, which shall in any case, be in line with the requirements of data protection legislation.
- All personal data is processed securely, taking into account the risks presented by such processing.
- All individual rights will be facilitated to the End Users such as access to your personal data, rectify inaccurate data, request its erasure when it is no longer necessary, oppose or limit the processing or request the portability of the data.
- The personal data shall not be retained for longer than it is necessary to achieve the purposes for which it was originally collected (this is, the age-verification).
AgeGO hereby represents and warrants as follows:
- AgeGO will take all the opportune actions in order to document and mitigate privacy risks;
- AgeGO will not, under any circumstance, re-use the End Users Data for purposes other than age-verification of the End User, without the knowledge of the concerned End User;
- AgeGO will put in place all and any appropriate measures in order to ensure the data is adequately safeguarded;
- AgeGO will not retain data for longer than it is necessary;
- AgeGO will not require nor retain physical location information of the End User;
- AgeGO will not retain personal data about End Users who fail the age-verification checking methods.
- AgeGO shall ensure the security issues are appropriately addressed.
AgeGO explains, in this Privacy Policy the use we make of personal data that you provide to us or that we gather from you and the measures we take to protect your privacy. This Privacy Policy also details how you may request that we amend or delete your personal data from our records as well as how to request that we cease all contact with you. Please read this Privacy Policy carefully as once you use our services you will be regarded as having read and accepted our Terms and Conditions.
In accordance with what is established herein, AgeGO may only transfer the information resulting from the Verification Method you chose in order to provide the Services that AgeGO has been hired to perform. AgeGO has subscribed confidentiality and data processing agreements that are necessary and mandatory by the privacy protection regulation.
Business Customers privacy policy shall be available to End Users in its website, and shall disclose that the Business Customers may place cookies on the browsers of End Users to the Business Customers Website(s). In accordance to EU Directive 2002/58/EC as amended by Directive 2009/136/EC, Business Customers must provide the End Users with clear and comprehensive information regarding any devices (such as cookies or local shared objects) in use at their websites for storing information in the End User’s terminal equipment or retrieving already stored information from the said terminal equipment. Business Customers must also implement an opt-in system which ensures that the prior and informed consent is obtained from the End Users in the European Union before any such devices are used or installed in the End Users’ terminal equipment.
4. WHAT PERSONAL DATA WE PROCESS AND HOW WE HAVE OBTAINED?
We collect the following data from the User in two ways, directly from your input into AgeGO, and automatically through the Services.
A) End Users. The age-verification process requires the End User to submit Information in order to verify your age (the “Age-Verification Methods“).
We collect, receive, and process the following personal data about the End Users:
- Information provided by the End User (note that depending on which Age-Verification Method the End User decides to use, some of the Information below will not be provided):
- Login ID: email address and password for the login in AgeGO. You will provide it directly to us when you create your account with AgeGO. Note that we hash such data when storing your Login ID for increased privacy.
- Photo of the driving license of the End User.
- Photo of the passport of the End User.
- Selfie Photo of the End User(*).
- Credit card details of the End User (this is, card number, expiration date and CVC). (**)
- Phone number
(*) All these photos are captured from the End User’s device, uploaded direct to the third party provider of the age verification system, processed with the providers listed above and then DELETED. We do NOT store any of these elements after the execution of the analysis.
(**) The card details are directly sent from the End Users browser to our third party compliant payment gateway providers. This verification is done by a PCI compliant payment gateway provider and AgeGO does not capture or keep credit card details.
- Information collected automatically: we collect non-personally information automatically for the primary purpose of customizing AgeGO and the Service, understanding how they are used and preventing their misuse.
- Technical data (including your internet protocol address IP Address, and log in data). We may collect this information from your device or browser. Note that we don’t store your IP address.
- Cookie data: if a third party or we have set cookies from your device or browser. Please see the last section of this Policy and our Cookies Policy for more information relating the cookies we use.
- Jurisdiction data (the country in which you are located, but not your exact location): we receive information about your approximate location from your IP address.
We do not collect personal data regarding the content accessed by End Users when visiting the Business Customer’s website.
B) Business Customers. We collect any information you provide to us by filling in forms on AgeGO.
- Information provided by the Business Customer:
- Login ID (including email address and password): you will provide this information when you register as a Business Customer and if you later update your details.
- Contact data (including name, company name, email address, address, country, website URL and telephone number): you will provide this information when you register as a Business Customer and if you later update your details.
- Financial data (including information about billing, invoices, bank accounts, payments made or owed and outstanding debts): you will provide us with some of this information yourself when signing up as a Business Customer, and we may compile some of it ourselves.
- Marketing and communication data (including your contact data and what information you are interested in receiving from us): you will provide us this information when you sign up as a Business Customer and when you communicate with us.
Information collected automatically:
- Technical data (including your internet protocol address IP address, and log in data): we may collect this information from your device or browser.
- Cookie data: if we or a third party have set cookies on your device or browser. Please see the last section of this Policy and our Cookies Policy for more information relating to the cookies we use.
5. WHAT WE PROCESS YOUR PERSONAL DATA FOR
A) End Users
Your personal data is collected and processed with the purpose of verifying your age so that the Business Customer can grant you access to its services and/or content.
B) Business Customers
Your business contact data is processed with the exclusive purpose of maintaining the commercial, contractual or collaborative relationships that AgeGO has with you or the company, entity or organization you work for or collaborate with.
6. WHY WE MAY PROCESS YOUR PERSONAL DATA
A) End Users
The Digital Economy Act 2017 requires website operators to verify a person’s age before allowing them access rights to certain websites and/or certain types of content shown on websites. We collect information from End Users to verify their age so that the Business Customer can then grant them access to their age restricted services and/or content. Therefore, the legal basis to process your data is the Agreement between the End User and AgeGO.
B) Business Customer
The processing of your business contact data relative to maintaining the relationship between AgeGO and your, which responds to the Agreement existing between the Business Customer and AgeGO.
The processing of your personal data in order for AgeGO to send promotional information regarding activities similar to those that motivate the relationship with the Business Customer responds to a legitimate interest of our entity and is authorized by the existing regulation.
The Business Customer may object to receiving commercial communications about the products and services of AgeGO now or at any time by sending an email with such objection to info@agego.com.
7. WHEN AND WHY WE MAY TRANSFER YOUR DATA TO THIRD PARTIES
Your data may be transferred to the following addressees for these reasons:
- Public Administrations: for compliance with legal obligations to which AgeGO is subject based on its activity.
- Providers who require access to your personal data in order to provide the services that AgeGO have hired from them as indicated in our T&C. AgeGO has made sure such third parties are subject to the necessary confidentiality and data processing obligations that are necessary and mandatory by the privacy protection regulation.
Find below a table identifying the different categories of third party providers to whom we shall transfer your personal data in order to render our Services:
Category of providers | Characteristics | Lawful grounds for processing |
---|---|---|
For the Verification Method through ID Document | Providers of such service are within the Privacy Shield. | The agreement for the provision of the Services. |
For the Verification Method through Credit Card | The third party providers are PCI compliant payment gateway providers. | The agreement for the provision of the Services. |
For the Verification Method through Mobile Phone | The third party providers are aggregators, which have access to an API allowing them to test the status of the filter for the users of the UK mobile operators. | The agreement for the provision of the Services. |
For the Verification Method through Face recognition | Providers of such service are within the Privacy Shield. | The agreement for the provision of the Services. |
For further information regarding warranties to your privacy in relation to such third party providers, you may contact AgeGO at the electronic or postal addresses previously indicated.
- We never transfer End User Data to Business Customers. Business Customers will only receive a response as to 18 or over or not 18 and will only have access to aggregated data through AgeGO (i.e. how many verifications, how many accesses). Additionally, Business Customers have signed the confidentiality and data processing agreements required by the regulation, which apply the warranties and safeguards needed to preserve your privacy. For further information regarding warranties to your privacy, you may contact AgeGO at the electronic or postal addresses indicated in this Privacy Policy.
You will be duly informed if AgeGO transfers personal data to other addressees in the future.
8. INTERNATIONAL DATA TRANSFERS
AgeGO has hired technology service providers located in countries that do not have a data protection regulation equivalent to the European (“Third Countries”). AgeGO has made sure that these service providers are subject to the necessary confidentiality and data processing obligations required by the regulation, which apply the warranties and safeguards needed to preserve your privacy.
For further information regarding warranties to your privacy, you may contact AgeGO at the electronic or postal addresses previously indicated.
9. HOW LONG WILL WE STORE YOUR DATA
Your personal data will be stored while your relationship with AgeGO is ongoing and once said relationship is terminated for whatever cause, unless you oppose to it. Once the relationship is terminated, your data will be processed solely to the effects of demonstrating compliance with the legal or contractual obligations of the AgeGO.
Except in the event that the End User does not log in to AgeGO, in which case we will not be using the data of the End User for no purpose than verifying age, and during the amount of time which shall be strictly necessary for the fulfillment of the legal obligations of AgeGO.
10.WHAT ARE YOUR RIGHTS
We inform you that you have a right to access your personal data, rectify inaccurate data, request its erasure when it is no longer necessary, oppose or limit the processing or request the portability of the data, through the postal and electronic addresses indicated.
Please note that any requests to exercise any of the previous rights must comply with all the requirements established by law, and in particular:
The request should be in writing and contain an address for notifications, the date and your signature as the data subject. It also has to explain the purpose of the request and provide any evidencing documents, if applicable.
A photocopy of your passport or another official identification document must be provided.
Furthermore, if you consider the processing of your personal data violates the regulation or your rights to privacy, you may file a complaint:
- To AgeGO, through the electronic and postal addresses indicated.
- To the Applicable Data Protection Agency through its electronic or postal addresses.
11. LINKS TO OTHER WEBSITES
Our Website includes links to other websites whose privacy practices may differ from ours. If you submit personal information to any of those sites, your information is governed by their privacy statements. We encourage you to carefully read the privacy statement of any website you visit.
12. HOW DO WE PROTECT YOUR DATA
When we collect personal information directly from you, we follow generally accepted industry standards such as SSL, to protect the personal Information submitted to us, both during transmission and once we receive it. No method of transmission over the internet, or method of electronic storage, is 100% secure, however. Therefore we cannot guarantee its absolute security. If you have any questions about security you can contact us at info@agego.com.
As provider of services relating to personal data, we take the security of your personal data very seriously. We have implemented a number of appropriate security measures (including physical, electronic and procedural measures) to safeguard your personal data from unauthorized access and disclosure. Whilst we will not set out full details here for security reasons, some of the measures include:
(i) Regular scanning of our systems to monitor vulnerabilities;
(ii) One-way salted hash function to store personal data;
(iii) Use of firewalls to help prevent unauthorized persons from gaining access to personal data;
(iv) Background checks for all our employees;
(v) Only permitting authorized employees to access personal data, and only for permitted business functions;
(vi) Tracking of employee logins and actions on our systems to ensure they are processing personal data in accordance with our policies;
(vii) Putting arrangements in place with third parties we work with to regulate the processing, security and confidentiality of data;
Please note that the safety and security of your personal data also depends on you. Where we have given you (or where you have chosen) a password for access to or use of AgeGO, you are responsible for keeping this password confidential. You must not share your password with anyone or allow anyone to use your account.
13. COOKIES POLICY
(i) What are cookies and how we use them?
A cookie is a small text file that is stored on a User’s computer for record-keeping purposes. We do not link the information we store in cookies to any personally identifiable information you submit while on our website. By accessing the website, you expressly accept the use of these types of cookies on your devices.
There are two types of cookies: session cookies and persistent cookies. We also allow third parties to use cookies on our website.
Session Cookies. Session cookies exist only during one online session. They are deleted from your computer when the browser is closed or the computer is turned off. We use session cookies to allow our systems to uniquely identify you during a session.
Persistent Cookies. Persistent cookies are saved on your computer after you have closed the browser or shut down your computer. We use persistent cookies to track statistical and aggregate information about your activity, which can be combined with other information.
Third Party Cookies. We also hire third parties to track and analyse personal and non-personal information. To do so, we allow third parties to send cookies to users of AgeGO, as permitted by law and without prejudice to your right to disable such cookies. We use the data collected by said third parties to help us manage and improve the quality of AgeGO and to analyse the use of AgeGO. The use of these cookies is not covered by our Privacy & Cookies Policy, we do not have access or control over these cookies.
(ii) Which cookies do we use?
We use both session ID cookies and persistent cookies. We use session cookies to make it easier for you to navigate AgeGO. A session ID cookie expires when you close your browser. A persistent cookie remains on your hard drive for an extended period of time. Please find below a table explaining the type of Cookies we use and the amount of time it remains on your hard drive for:
Name | Owner | Duration | Purpose |
---|---|---|---|
_ga | Google inc. | 2 years | Registers a unique ID that is used to generate statistical data on how the user uses the site. |
_gat | Google inc. | Session | Used by Google Analytics to throttle request rate. |
_gid | Google inc. | Session | Registers a unique ID that is used to generate statistical data on how the user uses the site. |
ag-s9803 | AgeGO | Session | Used to generate the Javascript widget. |
ag-sg9803 | AgeGO | Session | Used for copying the value to the local cookie. |
ag-se9803 | AgeGO | Session | Value is sent as the “sid” parameter in every request inside the iframe. |
ag-tx9803 | AgeGO | 5 minutes | Cache for the token exchange producer |