Transmit Security Privacy Statement | Transmit Security

Transmit Security Privacy Policy

This Privacy Statement is effective as of May 9, 2023

To read this page in Spanish, click here.

This privacy policy (“Policy”) describes how Transmit Security and its related or affiliated companies (“Transmit”, “us”, “we”, “its” and “our”) collects, uses, discloses and shares the personal information of users of its website (“Website Visitors”) at https://www.transmitsecurity.com/ (“Website”), as well as end users of customers (“Users”) of its identify verification and security products (the “Platform”, together with the Website, the “Services”) and other individuals within our customers, business partners, suppliers, and other organizations with which Transmit Security has or contemplates a business relationship (“Customers”, altogether with Website Visitors and Users, “you”).

If you have any questions or concerns about this Policy or its implementation, please contact us at privacy@transmitsecurity.com or as otherwise described in the “Contact us” section below.

The Transmit Security entity identified in the “Contact us” section below is responsible for processing your personal information, and if applicable is the controller of such data. In relation to Website Visitors and Customers, Transmit Security is always the controller of your personal information and this Policy applies.

Transmit Security as processor.

When Users are provided with access to our Platform by any of our Customers, including for the purpose of verifying a User’s identity, Transmit Security will usually be the processor of the personal information a User provides to the Platform and the Customer will be the controller. There are a few circumstances where we act as a separate controller of User personal information, which are set out below this paragraph. Where we process Users’ personal information as a processor, this means that we will only process such personal information on the instructions of our Customer and for our Customers’ own purposes. This includes sharing personal information you have provided for the benefit of one Customer with other Customers using the Transmit’s Security Platform to verify your identity. Please refer to the privacy policy of our Customer for information as to how they use your personal information and how to exercise your rights. Please contact that Customer directly if you have questions as to how your data is processed, and to exercise your rights.

Transmit Security as controller.

If you use Transmit Security Identity Network Platform, you may be given the option to reuse the identity information you provide in connection with the verification of your identity for one client to build a profile that can be used to verify your identity with other Customers via the Platform (“Identity Network Profile”). If you choose to build such a profile, in addition to being a processor for the Customer, we will also be a controller of the personal information you as a User have chosen to reuse, and this Policy will apply.

For some of our Platform services, including Transmit Security Identity Verification Services, we will use User personal information for which we are a processor for the purpose of improving our Services. We will be a controller of such personal information.

We collect personal information about you from different sources listed below. In this Policy, “personal information” means any information that we process about you that relates to you, or that can be used to identify you directly or indirectly, and does not include data whereby personally identifiable information has been removed (such as anonymous data).

Personal information you provide to us

  • Customer account information: If you are a Transmit Security Enterprise Customer and create an account with us to use the Platform and depending on the service, we may collect your full name, email address, company details, password and other information that the Customer may input into the Platform.

  • User information: If you are User, we collect personal information about you to verify your identity or provide other security services to our Enterprise Customers via the Platform. The information you provide depends on the Platform service, but if you create an account to use our Identity Network, we collect your full name, address, username, password and date of birth. When we provide certain services to Customers, we will collect on their behalf a copy of your government issued ID and a selfie, which we process as described in part A of the “How we use your personal information” section below.

  • Correspondence and other communications: When you contact us, including via our Services such as to request a demonstration of the Platform, via email, social media or other means, we collect your full name, contact details such as email address and phone number, and job title and company name. We also, as applicable, process the content of your communication.

  • Support information: When you request technical support services, we will process your personal information such as your name and the contact details you use to contact us, as well as information on the reasons for your support request, and any additional information you may provide in that context.

  • Blog subscription: When you subscribe to our blog, you provide us with your name and email address

Where applicable, we may indicate whether and why you must provide us with your personal information as well as the consequences of failing to do so. For example, it may be necessary for you to disclose certain personal information in order for us to provide the Services to you.

Information collected via automated means

  • Device data: We collect information about the User’s device such as the device’s operating system type and version, manufacturer and model, browser type, device type (e.g., phone, tablet), IP address, language settings, mobile device carrier, mobile network information (e.g., Wi-Fi, LTE, 4G), and general location information such as city, state or geographic area.

  • Usage data: When users access and use the Services across the Platform, we may receive and store information about interactions with our Services, including pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access.

Information We Receive from Third Parties

We receive personal information from the third parties below, which process your information in accordance with their own privacy policies. Please review these policies carefully before using their services.

  • Social media information: We maintain pages on social media platforms, such as LinkedIn, Facebook, Twitter and Instagram. You or the platform providers may provide us with information through the social media platform, and we will treat such information in accordance with this Policy.

  • Other sources: We may obtain your personal information from other third parties, such as marketing partners, publicly available sources and lead generators and other Customers. We may add this to the information that you provide to us through the Services. For example, if you are a User, we may combine the information about you from different Customers.

  1. Biometric Information

    As part of the Services that we provide to our Customers, Users may be required to upload a photo of their government-issued ID and a selfie. As a service provider and processor, and on the instructions of our Customers, we collect, use, disclose and store Users’ biometric identifiers and biometric information derived from the images Users upload to confirm that both facial images match and to verify Users’ identity.

    We may also use biometric identifiers and biometric information in our legitimate business interests for the compliance and protection, analytics, and product improvement purposes described in part B of the “How we use your personal information” section below. When we use biometric identifiers for analytics and product-improvement purposes, we are not using such information for the purpose of uniquely identifying individuals. We process this data for scientific research or on the substantial public interest grounds of fraud prevention and avoidance of bias and discrimination.

    We may share Users’ biometric identifiers and biometric information with the parties identified in the “How we share your personal information” section below, except that we will never use or share such information for advertising or marketing purposes.

    We will retain the biometric information and biometric identifiers for compliance and protection reasons, in no event longer than one year following your last use of our services.

  2. Other Personal Information

    We will use your other personal information for one or more of the purposes set out below.

    • To provide you with the Platform. If you are a Customer, we use your personal information, including customer account information, payment and transaction information and information collected via automated means, to operate, maintain and provide you with the Platform to perform any contract we have with you under the Transmit Security Cloud Services Agreement. In particular we use personal information to allow you to create and use an account, and to deliver the requested Platform services to you.

    • To provide you with the Website and its features. If you are a Website Visitor, it is in our legitimate business interests to use your personal information, including correspondence information, blog subscription information, and information collected via automated means, to operate, maintain and provide you with the Website, and to respond to any requests you make via the Website, including if you request a demonstration of the Platform.

    • To provide you with the Identity Network authentication Platform. If you are a User and choose to create an Identity Network Profile, we use your personal information, including user information, information collected via automated means, and information from other sources, to perform our contract with you to allow you create your account, and deliver the authentication service to you.

    • To provide you with support and to respond to your requests and complaints. If you reach out to us for support or for other reasons, it is in our legitimate interests to use personal information, including your correspondence with us, your contact details, your social media information, and to the extent applicable other personal information processed about you when you use our Services, to respond and resolve your queries and facilitate support.

    • To communicate with you about our Services. It is in our legitimate interests to communicate with you about our Services including by sending you announcements, updates, security alerts, and support and administrative messages. The personal information we process when doing so includes your contact details, account information and information collected via automated means.

    • To protect, investigate and deter against fraudulent, harmful, unauthorized or illegal activity. It is in our legitimate interests to keep our Services safe for our users, which includes conducting troubleshooting, testing and research and to keep the Services secure. When doing so we may use any applicable personal information that we hold about you including information collected via automated means.

    • To monitor and analyze trends and use of our Services, and to improve our Services. It is in our legitimate interests to analyze the use of our Services, and to use your personal information to improve our existing Services and create new products and services. When doing so, we will process personal information such as user information, and personal information which is collected via automated means.

    • To present you with interest-based advertising. We engage our advertising partners, including third party advertising companies and social media companies, to advertise our Services around the web. These companies may use cookies and similar technologies to collect information about your interactions and use that information to serve online ads that may be of interest to you. For more information and to understand your choices, please see our Cookie Policy. We may also share information about our users with these companies to facilitate interest-based advertising to those or similar users on other online platforms. Except where consent is required, we engage such advertising partners on the basis of our legitimate interest in marketing our services.

    • To customize the Services. It is in our legitimate interests to provide you with a tailored service. The personal information we use to do so includes information we collect via automated means.

    • To enforce the Transmit Security Cloud Services Agreement, to comply with legal obligations and to defend Transmit Security against legal claims or disputes. It is in our legitimate interests to enforce and comply with our terms and policies, to ensure the integrity of our Services and to defend ourselves against legal claims or disputes. Where we do so, we will use the personal information relevant to such a case. Some processing may also be necessary to comply with a legal obligation placed on Transmit Security for example to keep records of transactions, or as requested by any judicial process or governmental agency.

    • For aggregation and anonymization. It is in our legitimate interests to aggregate or anonymize personal information in a form that does not allow users to be personally identified and use the resulting information for statistical analysis regarding the use of the Services, such as to better understand our customer base, or for other purposes.

    We will only process personal information on the basis of our legitimate interests where such interests are not overridden by your interests or your fundamental rights and freedoms. Where we process personal information on this basis, or for the purpose of direct marketing, you have the right to object to the processing of personal information we hold about you.

    Where we process personal information on the basis of your consent, such consent can be withdrawn at any time, including by contacting us in the “Contact us” section below. We will apply your preferences going forward. This will not affect the lawfulness of the processing before you withdraw your consent.

We use automated means to make decisions about your identity when you choose to create an Identify Network Profile. We use machine learning models to verify your identity. Note that given the nature of our services, these models change regularly. If you pass a check with our Identity Network Platform, and we do not identify any signs of fraud, our Customers may let you proceed with accessing their services. If you do not pass a check with our Identity Network Platform, our Customers may reject you from using their services or request additional checks.

Where Transmit Security is acting as a processor in relation to your personal data, and a Customer uses your personal information to make automated decisions about you, please reach out to that customer with any questions you may have about that processing and your rights.

We disclose personal information about you with the following recipients and in the following circumstances:

  • Affiliates: Affiliates and subsidiaries of Transmit Security, for purposes consistent with this Policy.

  • Service Providers: We rely on vendors and service providers for the provision of our Services and for the purposes set out above, such as providers of analytics, hosting and cloud computing services and other IT services and customer support services in addition to other administrative services. These third parties may have access to or process your personal information as part of providing these services.

  • Advertising Partners: We engage our advertising partners, including third party advertising companies and social media companies, to display ads around the web and share personal information with them for this purpose, as set out in our Cookie Policy below. These companies do so in line with their own privacy policies.

  • Advisors: We work with various advisors, including tax consultants and legal advisors, with whom we may share your personal information.

  • Legal: Information about our users, including personal information, will be disclosed to law enforcement agencies, regulatory bodies, public authorities or pursuant to the exercise of legal proceedings if we are legally required to do so, or if we believe, in good faith, that such disclosure is necessary to comply with a legal obligation or request, to enforce our terms and conditions, to prevent or resolve security or technical issues, or to protect the rights, property or safety of Transmit Security, Users, Customers, Website Visitors, a third party, or the public.

  • Business Transaction: If Transmit Security is involved in a merger, acquisition or asset sale, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your personal information may be sold, transferred or otherwise shared including as part of any due diligence process.

We collect information from your visits to our websites and your use of our Transmit Security services and our software products to help us gather statistics about usage and effectiveness, personalize your experience, tailor our interactions with you, and improve our products and services. We do so through the use of various technologies, including scripts, tags, Local Shared Objects (Flash cookies), Local Storage (HTML5) beacons, and “cookies”.

What are cookies and why are cookies used? A cookie is a piece of data that a website can send to your browser, which may then be stored on your computer as a tag that identifies your computer. While cookies are often only used to measure website usage (such as number of visitors and duration of visit) and effectiveness (such as topics visitors are most interested in) and to allow for ease of navigation or use and, as such, are not associated with any personal information, they are also used at times to personalize a known visitor’s experience of a website by being associated with profile information or user preferences. Over time this information provides valuable insight to help improve the user experience.

Cookies are typically categorized as “session” cookies or “persistent” cookies. Session cookies help you navigate through the website efficiently, keeping track of your progression from page to page so that you are not asked for information you have already provided during the current visit, or information needed to be able to complete a transaction. Session cookies are stored in temporary memory and erased when the web browser is closed. Persistent cookies on the other hand, store user preferences for current and successive visits. They are written on your device’s hard disk and are still valid when you restart your browser. We use persistent cookies, for example, to record your choice of language and country location.

How to express privacy preferences regarding the use of cookies When visiting our websites or online services, you may have the possibility to set your preferences regarding cookies and other similar technologies by using the options and tools made available to you by either your web browser or Transmit Security. If a cookie manager has been implemented by Transmit Security, it will be displayed at your first visit to our website. By clicking ‘cookie preferences’ at the footer of a Transmit Security website you can choose and change at any time which types of cookies you would like our websites and Transmit Security services to use. You can indicate your preference for required, required and functional or required, functional and personalization cookies. Here you can also find more information on the types of cookies used. Using the cookie preferences does not result in deletion of cookies that are already on your device. You can delete cookies already on your device via the settings of your web browser.

While Transmit Security websites, online and services at this time do not recognize automated browser signals regarding tracking mechanisms, such as “do not track” instructions, you can generally express your privacy preferences regarding the use of most cookies and similar technologies through your web browser. Look under the heading “Tools” (or similar heading) in your particular browser for information about controlling cookies. In most instances you can set your browser to notify you before you receive a cookie, giving you the option to decide whether to accept it or not. You can also generally set your browser to turn off cookies. Cookies in our software products can be turned off in the product itself. Since cookies allow you to take advantage of some of our websites’ features or features of our software products and Transmit Security services, we recommend that you leave them turned on. If you block, turn off or otherwise reject our cookies, some web pages may not display properly or you will not be able to, for instance, add items to your shopping cart, proceed to checkout, or use any website or Transmit Security services that require you to sign in.

Some Transmit Security websites, Transmit Security services and software products may also use web beacons or other technologies to better tailor those sites to provide better customer service. These technologies may be in use on a number of pages across Transmit Security’s websites. When a visitor accesses these pages, a non-identifiable notice of that visit is generated which may be processed by us or by our suppliers. These web beacons usually work in conjunction with cookies. If you don’t want your cookie information to be associated with your visits to these pages or use of these products, you can set your browser to turn off cookies or turn off cookies in the product itself, respectively. If you turn off cookies, web beacon and other technologies will still detect visits to these pages; however, they will not be associated with information otherwise stored in cookies. For more information about the technologies employed by our Transmit Security services and software products, including how to turn them off, please consult the user guide for the particular software product or Transmit Security services you are using.

We use Local Shared Objects, such as Flash cookies, and Local Storage, such as HTML5, to store content information and preferences. Third parties with whom we partner to provide certain features on our website or to display Transmit Security advertising on others’ websites based upon your web browsing activity also use Flash cookies or HTML5 to collect and store information. Various browsers may offer their own management tools for removing HTML5. To manage Flash cookies, please click here.

We may also include web beacons in marketing e-mail messages or our newsletters in order to determine whether messages have been opened and links contained within clicked on.

Some of our business partners set web beacons and cookies on our site. In addition, third-party social media buttons may log certain information such as your IP address, browser type and language, access time, and referring website addresses, and, if you are logged in to those social media sites, they may also link such collected information with your profile information on that site. We do not control these third party tracking technologies. Note that the “s81c.com” domain used to deliver static content on some of our web sites, is managed by Transmit Security, and not by a third party.

Opt out of marketing communications. You may opt out of marketing-related communications by following the opt-out or unsubscribe instructions contained in the marketing communication we send you or by contacting us as provided in the “Contact Us” section below. You may continue to receive services-related and other non-marketing emails.

Online tracking opt out. You can opt out of third-party cookies as described in our Cookie Policy.

Personal information requests. We also offer you choices that affect how we handle the personal information that we control. Depending on your location and the nature of your interactions with our services, you may request the following in relation to personal information:

  • information about how we have collected and used personal information. We have made this information available to you without your having to request it by including it in this Privacy Policy;

  • to access the personal information, we hold about you. Where applicable, we will provide the information in a portable, machine-readable, readily usable format;

  • to request we correct any inaccurate personal information we hold about you;

  • to request we delete any personal information we hold about you;

  • to restrict the processing of personal information we hold about you;

  • to object to the processing of personal information we hold about you where we are processing your personal information for our legitimate interests, or where we are processing your personal information for direct marketing purposes; and

  • to opt out of targeted advertising and the sale of personal information. We collect and share personal information with advertising partners that display targeted advertisements to users around the web. You can limit online tracking as described in our Cookie Policy or by clicking Your Privacy Choices on the footer of our website. We will not sell or use your biometric information or biometric identifiers for targeted advertising purposes.

To make a request, please email us or write to us as provided in the “Contact us” section below. We may ask for specific information from you to help us confirm your identity. Depending on where you reside, you may be entitled to empower an “authorized agent” to submit requests on your behalf. We will require authorized agents to confirm their identity and authority, in accordance with applicable laws. You are entitled to exercise the rights described above free from discrimination.

Limits on your privacy rights and choices. In some instances, your choices may be limited, such as where fulfilling your request would impair the rights of others, our ability to provide a service you have requested, or our ability to comply with our legal obligations and enforce our legal rights. If you are not satisfied with how we address your request, you may submit a complaint by contacting us as provided in the “Contact us” section below.

We transfer your personal information internationally, including within Transmit Security and to service providers in the United States, which means personal information you provide to us will be processed and stored in that country. Please note that the recipient countries may not provide the same protections as the data protection laws where you are based.

We will ensure that relevant safeguards are in place to afford adequate protection for your personal information, and we will comply with applicable data protection laws, in particular if you reside in the European Economic Area (“EEA”), Switzerland or the UK by relying on an EU Commission or UK government adequacy decision, on contractual protections for the transfer of your personal information or a derogation if available. For more information about how we transfer personal information internationally, please contact us as set out in the “Contact Us” section below.

Our Services are not directed to children, and we do not knowingly collect personal information from anyone under the age of 16. If you have reason to believe that a child under the age of 16 has provided information to Passthrough please contact us using the “Contact us” section below and we will try to delete that information from our databases.

We retain your personal information only for as long as is necessary to fulfil the purposes for which it was collected and processed, in accordance with our retention procedures, and in accordance with applicable laws or until you withdraw your consent (where applicable).

To determine the appropriate retention period for your personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we use your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

We use reasonable organizational, technical and administrative measures designed to protect against unauthorized access, misuse, loss, disclosure, alteration and destruction of personal information we process. For example:

  • Each Customer’s database on the Platforms is encrypted with a different encryption key to prevent any data leaks and to prevent Transmit Security staff from accessing Customers’ data. Transmit Security manages the keys securely in a protected key store.

  • We protect your personal information with firewalls and networking tools such as Anti-DDoS. Any type of access to your personal information is audited.

Furthermore, because certain areas on our Services are less secure than others (for example, if you set your support forum ticket to be “Public” instead of “Private”, or if you browse to a non-SSL page), and since e-mail and instant messaging are not recognized as secure forms of communications, we request and encourage you not to share any personal information on any of these areas or via any of these methods.

Unfortunately, data transmission over the Internet cannot be guaranteed as completely secure. Therefore, while we strive to protect your personal information, we cannot guarantee its security.

Some internet browsers may be configured to send “Do Not Track” signals to the online services that you visit.  We currently do not respond to “Do Not Track” or similar signals.  To find out more about “Do Not Track,” please visit https://www.allaboutdnt.com.

The Services may contain links to other sites that are not operated by us. If you click a third party link, you will be directed to that third party’s site. We strongly advise you to review the privacy policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

We will update this Policy from time to time. Please review this Policy periodically for any changes. If we make material changes, we will let you know. Changes to this Policy are effective when they are posted on this page.

If you wish to lodge a complaint about how we process your personal information, please contact us at privacy@transmitsecurity.com. You may also submit a complaint to the data protection regulator, including in your country of residence, place of work, or where you believe an incident took place. For example, if you are based in the UK, you may choose to lodge a complaint with the Information Commissioner’s Office here, and if you are located in the EEA, you can find your data protection regulator here.

Contact us

The Transmit Security entity responsible for the processing of your personal information varies depending on your location:

  • If you are located in North America, Latin America or Japan, Transmit Security, Inc., based at 201 Washington Street, Suite 2600, Boston, MA 02108, United States is responsible.

  • If you are located in Canada Transmit Security (CA) Services Ltd., based at 400-725 Granville Street, Vancouver BC V7Y 1G5 Canada is responsible.

  • If you are located anywhere else, Transmit Security Ltd., based at 94 Yigal Alon Street, Tel Aviv, 6789139, Israel is responsible, and if you are located in the EEA or UK, this entity is the data controller.

If you have any questions or comments about this Policy, our privacy practices, or if you would like to exercise your rights with respect to your personal information, please contact us by email at
privacy@transmitsecurity.com.

Alternatively, we have appointed Niels Decraene, as our EU data representative, and our UK data representative.

You can contact our EU and UK representative at niels@transmitsecurity.com.