Last Updated: October 12, 2023
- SheerID’s Remember Me Services (Remember Me).
- SheerID’s Audience Services. Because certain features of the Audience Services may constitute “sales”, “sharing”, or “targeted advertising” under applicable data privacy laws, additional information about how SheerID collects, uses, and discloses information about you as part of the Audience Service is available here. For general information about the Audience Services, read here.
(a)processed by SheerID on behalf of other companies utilizing SheerID’s verification platform to verify your identity or age for the purposes of providing you with a discount or other offers (collectively, “Clients”); or
(b)collected by any third party, including through any application or content (including advertising) that may link to, be accessible from, or present in the Services (collectively, “Third Party Services”).
In these cases, the relevant Client or Third Party Services acts as the business or controller. If you have any questions about how Clients or Third Party Services collect, use, process, or disclose your personal information, please review their respective privacy policies.
What Information We Collect and How We Collect It
Information You Provide to Us
We collect information that you provide directly to us. For example, you share information with us when you sign up for Remember Me, subscribe to our services or request further information, fill in a form, complete a survey, make a purchase, communicate with us via third party platforms, participate in a contest or promotion, request customer support, search on our website, or otherwise communicate with us. The types of personal information we may collect include your name, email address, phone number, log-in credentials, postal address, eligibility credentials (e.g., whether you are a student, member of the military or medical profession, or other discount-qualifying criteria), credit card or other payment information, or any other information you choose to provide.
Information We Collect Automatically When You Interact with Us and How We Collect It
When you access our Services, website, or otherwise transact business with us, we automatically collect certain information, including:
- Activity Information: We collect information about your activity in relation to our Services, such as internet traffic data, website access times, website pages viewed, links clicked, logs, and other communication data. This may include the website page(s) you visited before navigating to our Services and the resources that you access and use on our Services.
- Transactional Information: When you access a discount or offer through our website, we may collect information about the transaction, such as product details, and the date and location of the transaction.
- Device and Usage Information: We collect information about how you access our Services, including data about the device and network you use, such as your hardware model, operating system version, mobile network, IP address, unique device identifiers, browser type, and app version.
- Location Information: In accordance with your device permissions, we may collect information about the precise location of your device. You may stop the collection of precise location information at any time (see the Your Choices section below for details).
Information We Collect from Other Sources
We obtain information from third party sources. For example, as part of our Services, we may collect and process information about you from identity verification services, employment or academic verification services, social networks, credit bureaus, advertising networks, data analytics providers, and mailing list providers. Additionally, if you create or log into your SheerID account through a third party platform, we will have access to certain information from that platform, such as your unique user identification, email address, and first and last name in accordance with the authorization procedures determined by such platform.
Information We Derive
We may derive information or draw inferences about you based on the information we collect. For example, we may make inferences about your interests or personalize your user experience and what Services we show you based on your industry, company, or how you interact with our website.
How We Use Your Information
We use the information that we collect about you or that you provide to us, including any personal information:
- To present, customize, and personalize our website and its contents for you;
- To present, customize and personalize your user experience, including the interactive chat features, and what Services we show you when you visit and interact with our website;
- To create your Remember Me account;
- To process transactions and send you related information, including confirmations, receipts, invoices, and customer experience surveys;
- To personalize and improve your experience on our Services;
- To send you technical notices, security alerts, and support and administrative messages;
- To respond to your comments and questions and provide customer service;
- To communicate with you about products, services, and events offered by us and others that we think will interest you. If you do not want us to use your information in this way, see the Your Choices section below for information about how to opt out of these communications at any time;
- To monitor and analyze trends, usage, and activities in connection with our Services;
- To personalize the advertisements you see when you use our Services based on information provided by our advertising partners;
- To market and promote our Services to you;
- To detect, investigate, and prevent security incidents and other malicious, deceptive, fraudulent, or illegal activity and security threats and to protect the rights and property of SheerID and others;
- To debug to identify and repair errors in our Services;
- To process employment applications;
- To pursue the legitimate interests listed below in Additional Disclosures for Individuals in Europe
- To comply with our legal and financial obligations; and
- To carry out any other purpose described to you at the time the information was collected.
How We Share Your Information
- We share personal information to fulfill the purpose for which you provide it. If you seek to accept a benefit from one or more of our Clients, including through participation in Remember Me, that is advertised or located on our website, we will share your information with the Clients. Your information may be used by our Clients to provide you with products or services or to inform you of additional products or services.
- We may disclose personal information if we believe that disclosure is in accordance with, or required by, any applicable law or legal process, including lawful requests by public authorities to meet national security or law enforcement requirements.
- We may share personal information if we believe that your actions are inconsistent with our user agreements or policies, if we believe that you have violated the law, or if we believe it is necessary to protect the rights, property, and safety of SheerID, our users, the public, or others.
- We share personal information with our lawyers and other professional advisors where necessary to obtain advice or otherwise protect and manage our business interests.
- We may share personal information in connection with, or during negotiations concerning, any merger, sale of company assets, financing, acquisition, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our business.
- Personal information is shared between and among SheerID and our current and future parents, affiliates, and subsidiaries and other companies under common control and ownership.
- We share personal information at your direction.
We may also share aggregated or de-identified information that cannot be reasonably used to identify you.
Analytics, Tracking & Targeted Advertising
Online Tracking & Targeted Advertising
For more information about interest-based ads, or to opt out of having your web browsing information used for behavioral advertising purposes, please visit www.aboutads.info/choices.
Your Choices About How We Use and Disclose Your Information
We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information:
- Account Information. You may update and correct certain account information at any time by logging into your account, emailing us at [email protected], or accessing your user preferences within our Marketing Email Preference Center. If you wish to delete your account, please email us at [email protected] or see Additional Disclosures: U.S. State Privacy Notice & California Notice at Collection or Additional Disclosures for Individuals in Europe below for instructions on how to exercise a deletion or erasure request. Note that we may retain certain information as required by law or for our legitimate business purposes.
- Promotional Offers from SheerID. In the U.S., if you do not wish to have your contact information used by SheerID to promote our own Services, you can opt-out by checking the relevant box located on the form on which we collect your data or at any other time by updating your user preferences within our Marketing Email Preference Center. If we have sent you a promotional email, you may send us a return email asking to be omitted from future email distributions or use the “unsubscribe”. If you opt out, we may still send you non-promotional emails, such as those about your account or our ongoing business relations. In Europe, we will not send you promotional emails unless we have your opt-in consent.
We store personal data associated with Client or Remember Me accounts for as long as an account remains active. If you close your account, we will delete your account data within 30 days; otherwise, we will delete your account data after two years of inactivity.
We store other personal data for as long as necessary to carry out the purposes for which we originally collected it and for other legitimate business purposes, including to meet our legal, regulatory, or other compliance obligations.
We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure.
The safety and security of your information also depends on you. Where we have given your (or where you have chosen a) password for access to certain parts of our Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Services. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Services.
Additional Disclosures: U.S. State Privacy Notice & California Notice at Collection
California, Colorado, Connecticut, and Virginia have enacted consumer privacy laws that grant their residents certain rights and require additional disclosures and additional states have enacted consumer privacy laws that will be in effect soon (collectively, “State Privacy Laws”). If you are a resident of one of these states, this section applies to you. Note that SheerID enables all of its customers, not just those in states that have passed privacy laws, to exercise Data Subject Requests, defined below.
Under the State Privacy Laws, you may have the following rights, including the right to (1) request to know more about the categories and specific pieces of personal information we collect, use, and disclose and access your personal information, including receive the information in a portable format, (2) request deletion of your personal information, (3) request correction of inaccurate personal information, (4) opt out of any “sales” or “shares” of your personal information that may be occurring, including targeted advertising; and (5) not be discriminated against for exercising these rights (“Data Subject Requests”).
You may make these requests by emailing [email protected], calling 1-833-317-3372, or visiting Your Privacy Choices. We will verify your request by asking you to provide information related to your recent interactions with us, such as your account information, name, physical and/or email address, telephone number, or other identifying information. We will not discriminate against you if you exercise your rights under the State Privacy Laws. Please note that this number is for privacy inquiries only. For questions regarding how to complete your verification request, please visit Your Privacy Choices or our Help Center.
If we receive your request from an authorized agent, we may ask for evidence that you have provided such agent with a power of attorney or that the agent otherwise has valid written authority to submit requests to submit Data Subject Requests on your behalf. If you are an authorized agent seeking to make a request, please contact us by emailing us at [email protected] or calling 1-833-317-3372.
You may also have the right to appeal the denial of any of these Data Subject Requests, depending on the state in which you reside, by submitting a form that will be provided to you if we deny a data request and are aware that you live in a state that provides an appeal right. Depending on your data choices, certain Services may be limited or unavailable.
SheerID processes all Data Subject Requests and does not screen or limit them by jurisdiction. From January 1, 2022, to December 31, 2022, SheerID received three Data Subject Requests. SheerID responded to those which it was able to verify and authenticate and that were addressed to SheerID in its capacity as a controller.
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes.
California & Colorado Residents
In the preceding 12 months, we have collected and disclosed the following categories of personal information: identifiers, commercial information, Internet or other electronic network activity information, characteristics of protected classifications under state or federal law, and professional or employment related information. We collect personal information for the business and commercial purposes and uses described in the How We Use Your Information section above.
For details about the personal information that we collect and the categories of sources of such collection, please see What Information We Collect and How We Collect It above.
For a list of categories of personal information that we (1) have collected and disclosed in the preceding 12 months to our service providers and vendors for business purposes, and (2) “sell,” “share” or use for “Targeted Advertising” as those terms are defined by the State Privacy Laws, click here.
If you are a resident of the State of Nevada, you have the right to submit a verified request directing us not to sell your personal information. If you are a Nevada resident, and would like to submit such a request, please visit Your Privacy Choices.
SheerID may use de-identified data in some instances. SheerID either maintains such data without attempting to re-identify it or treats such data as personal data subject to applicable State Privacy Laws.
Transfer of Information to the United States and other Countries & Additional Disclosures for Individuals in Europe
SheerID is headquartered in the United States, and we have operations and service providers in the United States and other countries. Therefore, we and our service providers may transfer your personal information to, or store or access it in, jurisdictions that may not provide levels of data protection that are equivalent to those of your home jurisdiction. We will take steps to ensure that your personal information receives an adequate level of protection in the jurisdictions in which we process it, including putting appropriate safeguards in place such as standard contractual clauses approved under applicable data protection laws.
Additional Disclosures for Individuals in Europe
If you are located in the EU, UK, or Switzerland, you have certain rights and protections under the law regarding the processing of your personal information or data.
When we process your personal information, we will do so in reliance on one or more of the following lawful bases:
- To perform our responsibilities under our contract with you (e.g., processing payments for and providing the products and services you requested).
- To pursue our “legitimate interests” in conducting and managing our business activities and to ensure that we are guaranteeing the best service and experience for you and our customers (e.g., to provide, maintain, personalize, enhance and improve our Services, to monitor and analyze trends, usage, and activities in connection with our Services, to enforce our policies and comply with legal obligations, to comply with marketing opt-outs and unsubscribes, to defect, monitor, and prevent fraud or other unlawful acts, or to communicate with you).
- To comply with our legal obligations (e.g., to maintain a record of your consents, track those who have opted out of marketing communications, and comply with other regulatory obligations).
- When we have your consent to do so (e.g., when you opt in to receive marketing communications from us). When consent is the legal basis for our processing your personal data, you may withdraw such consent at any time.
Disclosures related to the eduGAIN / Geant Data Protection Code of Conduct can be found here.
We are committed to the Code of Practice which describes an approach to meet the requirements of the EU GDPR in federated identity management.
Subject to certain limitations, you have the following privacy rights:
- Access: you are entitled to ask us if we are processing your information and, if we are, you can request access to your personal information. This enables you to receive a copy of the personal information we hold about you and certain other information about it.
- Correction: you are entitled to request that any incomplete or inaccurate information we hold about you is corrected.
- Erasure: you are entitled to ask us to delete or remove personal data in certain circumstances. There are also certain exceptions where we may refuse a request for erasure, for example, where the personal data is required for compliance with law or in connection with claims.
- Restriction: you are entitled to ask us to suspend the processing of certain of your personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Portability: you may ask us to help you transfer certain of your personal information to another party.
- Objection: where we are processing your personal data based on a legitimate interests (or those of a third party), you may challenge this. However, we may be entitled to continue processing your information in case there are compelling legitimate grounds to do so. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Automated decisions: you may contest any automated decision made about you where this has a legal or similar significant effect and ask for it to be reconsidered.
- Consent: where we are processing personal data with consent, you can withdraw your consent.
The Data Protection Framework
SheerID complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.
SheerID has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal information or personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. SheerID has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.
To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
Pursuant to the Data Privacy Frameworks, EU, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under the Data Privacy Frameworks, should direct their query to [email protected] or visit Your Privacy Choices. If requested to remove data, we will respond within a reasonable timeframe.
We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to [email protected].
SheerID’s accountability for personal data that it receives in the United States under the Data Privacy Frameworks and subsequently transfers to a third party is described in the Data Privacy Framework Principles. In particular, SheerID remains responsible and liable under the Data Privacy Framework Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the Principles, unless SheerID proves that it is not responsible for the event giving rise to the damage.
SheerID Internal Complaint Mechanism
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, SheerID commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact us at [email protected] or visit Your Privacy Choices.
SheerID is subject to the investigatory and enforcement powers of the Federal Trade Commission, the Department of Commerce, or other U.S. privacy regulatory bodies pursuant to the Data Protection Framework.
Alternate Dispute Resolution Body
SheerID has further committed to refer unresolved privacy complaints under the Data Privacy Framework Principles to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf
Supervisory Authorities & Right to Lodge a Complaint
If you have a concern about our processing of personal data that we are not able to resolve, you have the right to lodge a complaint with the Data Protection Authority where you reside. Contact details for your Data Protection Authority can be found using the links below:
For individuals in the EEA: https://edpb.europa.eu/about-edpb/board/members_en
For individuals in the UK: https://ico.org.uk/global/contact-us/
For individuals in Switzerland: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html
Additional Disclosures for Employment Applicants
In addition to the personal information discussed above in the “What Information We Collect and How We Collect It” section, we also collect Candidate Information you provide directly to us, information that we obtain from third parties including references, and information about you that we develop during our interaction with you such as through background check providers, recruitment consultants or professional recruitment agencies. We may also derive Candidate Information by creating a profile reflecting your employment preferences, characteristics, behavior, intelligence, abilities, aptitudes, such as through notes taken as part of the interview process. Some of this information is collected automatically, and other information you may choose to provide to us. The types of personal information we may collect or develop include:
- Identifiers, such as your name, mailing address, email address, phone number, driver’s license or passport number, social security number, visas, and work authorizations.
- Demographic information, when required by law or to support of workplace initiatives, such as your gender, racial or ethnic origin, veteran status, and disability status if you voluntarily submit such information as part of your application.
- Professional or employment-related information, such as your resume or CV, cover letter, work history, educational information, professional licenses, and other experience, as well as contact information for both references and your current employer, employment application, information provided by references, background checks, our assessment of recruitment information.
- Social Networking and Similar Information, to the extent permitted by law, such as social media and public profile information, including URLs related to your LinkedIn, Twitter, and your personal website.
- Other information that you submit, including additional information provided in an application form, cover letter, or other work product.
- If and to the extent relevant for a specific role, information necessary to run a background check, such as information obtained either from you or through reference and background checks, subject to any further permissions or notifications required and/or permitted by applicable law
Sensitive Personal Information: In some cases, we may collect sensitive personal information about you, which requires a higher level of protection. Please note that, where permitted by law, we may collect, store, and use sensitive personal information about you, including race, ethnicity, veteran status, disability status, gender, age, marital status, and health and medical conditions. We collect this information for specific purposes, such as to accommodate a disability or illness, provide benefits, comply with legal obligations, and protect the health and safety of our employees. Please be assured that we will only use such sensitive information to process your application and evaluate your candidacy as reasonably expected by an average person — and in accordance with applicable law.
In addition to the uses of personal information discussed above in the “What Information We Collect and How We Collect It” section, we use personal information to comply with statutory obligations we have in relation to your application, including confirming your eligibility to work in a given location. These purposes include:
- Administering and processing your application, including verifying your identification, experience, and other information you submit and, if your application progresses, any interview information, and background check information.
- Communicating with you about your application.
- Assessing and evaluating your suitability for the role for which you have applied or for other vacancies.
- Conducting reference and background checks, including criminal records checks.
- Complying with applicable laws and employment-related requirements, including verifying identification information and information required to initiate employment, for purposes such as confirming ability to legally work in a specific location, setting up payroll, withholdings and benefits, and complying with statutory reporting requirements.
- For other notified purposes with your consent.
If you accept employment with SheerID, your Candidate Information will become part of your employment record and will be used for employment purposes in accordance with applicable law and any applicable employee Privacy Notice and Notice at Collection. If you are not accepted for a role, however, we may still keep your application, including relevant Candidate Information, to allow us to consider you for other career opportunities and provided that, if required by applicable laws, we obtained your prior consent for such longer retention of your personal data.
E-mail address: [email protected]
Postal address: 1300 SW 5th Avenue, Suite 2100, Portland, OR 97201 USA
Web Form: https://www.sheerid.com/contact-us-form/
Data Protection Officer:
Greg Damon is SheerID’s Data Protection Officer. On matters related to the processing of personal data, Greg Damon can be contacted at [email protected].
Francois Rychlewski is SheerID’s Article 27 (GDPR) representative in the European Union. On matters related to the processing of personal data, Francois Rychlewski can be contacted in addition to SheerID. Francois can be contacted at [email protected].
Last Updated: October 12, 2023