We want you to understand the type of information we collect. In this Notice, “Personal Data” means any information relating to an individual who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier. We do not collect or process sensitive/special data as defined by the FADP and the GDPR, except where necessary for identity verification and user due diligence purposes to comply with applicable anti-money laundering and counter-terrorism financing laws.

--

1.1. Personal Data provided by you

We collect Personal Data that you voluntarily provide to us when you communicate with us or use our Services, including when you subscribe to newsletters, register for events, apply for a job, make a donation, purchase carbon credits, or otherwise interact with us.

We may also collect certain Personal Data where necessary to perform a contract with you or to comply with applicable legal obligations. Where required by law, we will obtain your consent before processing your Personal Data.

The categories of Personal Data we collect may include (list non exhaustive):

Identity information

• Name and surname
• Date of birth
• Nationality or citizenship

Contact data

• Physical address (including postal code and country)
• Email address
• Telephone number

Payment and financial information

We collect payment and financial information when necessary to process payments, including payments to suppliers, contractors, service providers, donations, or purchases.

• Bank account details (e.g., IBAN, account number, bank name, routing details)
• Cardholder name
• Card number and expiration date (where applicable)
• Invoice details
• Tax information required for payment processing or regulatory compliance
• Other information necessary to execute and document the payment

Payments are processed by us or through authorised third-party payment service providers in compliance with applicable laws, financial regulations, and security standards (including PCI DSS where applicable).

Marketing, market research & consumer feedback

Information you voluntarily provide regarding your experience with our products and services:

This may include:

• Marketing preferences (e.g., preferred communication channels, product and services interests)
• Subscription details (e.g., newsletter sign-ups, event registrations, mailing lists)
• Responses to marketing campaigns (e.g., survey participation, promotional offers, contests)
• Engagement with promotional materials (e.g., email opens, clicks, downloads, website interactions)
• Referral sources (e.g., how you heard about us, referral codes, partner campaigns)
• Customer feedback (e.g., product reviews, testimonials, surveys, focus group responses)
• Consumer insights (e.g., preferences, satisfaction ratings, product usage experiences)
• Social media interactions (e.g., comments, direct messages, campaign participation)
• Event participation information (e.g., webinars, product demos, trade shows)
• Communication history with our marketing or customer engagement teams

Audio and visual data

• Photographs
• Video recordings
• Audio recordings
• Social media account information, including public posts

Recruitment information

If you apply for a position with us, you may provide:

• CV/résumé
• References
• Motivation letter
• Job title
• Availability date
• Salary expectations
• LinkedIn profile
• Eligibility to work in relevant countries

Employment data

• Employment details
• Job titles and descriptions
• Workplace location
• Professional qualification
• CV and resumes
• Company/organization name

Professional data

• Professional licenses
• Authorisations
• Industry certifications
• Memberships in professional bodies and associations

--

1.2. Categories of Personal Data Processed for KYC/AML Compliance

Where required to comply with applicable Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations, we process the following categories of personal data for identity verification and compliance purposes through our third-party verification provider, Sumsub.

In connection with such verification, we (and Sumsub on our behalf) may collect and process the following categories of Personal Data where required by law (list non exhaustive)

Identification Data

• Full legal name
• Date and place of birth
• Nationality and citizenship
• Gender
• Passport number or National ID card details
• Government-issued identification numbers
• Tax identification number (where required)

Identity Documents

• Copies or images of government-issued identification documents
• Proof of address documents
• Selfies or live photos for identity verification
• Video recordings for liveness verification or enhanced due diligence

Biometric Data (cf. Annex II-Consent and Privacy notice wording)

• Facial recognition data derived from submitted photos or videos
• Liveness detection data

Financial and Source of Funds Information

• Source of funds and source of wealth information
• Employment details and occupation
• Bank account details (limited to verification purposes)

Compliance Screening Data

• Politically Exposed Person (PEP) status
• Sanctions screening results
• Watchlist screening results
• Adverse media screening results

Device and Technical Data

• IP address
• Device information
• Fraud detection and risk indicators

--

1.3. Personal Data collected automatically

We and our third-party partners automatically collect information when you navigate and interact with our Website such as your browser type and operating system, the web pages you view, the links you click, your device address (IP), the time and  date of access, your language preferences, the length of time you spend on our Website, and the referring URL, or webpage that led you to our Website, the information or keywords you search for on the Website.

This information is captured using automated technologies such as cookies and web beacons, and third-party tracking for analytics and advertising purposes. 

We also rely on analytics and tools used to prevent spam and other security risks associated with the use of abusive automated software. You can choose your preferences about cookies and other trackers by accessing the preference center on our Website. You have the right to object to the use of such technologies for further details please see Article 7.1.

Visit our Cookie policy for more information on the types of cookies and other trackers we use on our Website.

--

1.4. Third-party sources

Our Website may contain links to third-party websites and social media platforms, including but not limited to Google, Vimeo, Facebook, X, Instagram, YouTube, LinkedIn. These third parties may collect information about you when you visit or interact with their platforms. GSF does not control and is not responsible for the processing of Personal Data by these third parties. We encourage you to review the privacy policies and notices of any third-party websites or platforms to understand how they collect, use, and share your information.

--

1.5. Minors

Our Website is intended for general audiences. We do not knowingly collect or solicit Personal Data from individuals under the age of 18.

If you are under 18, please do not register on our Website or submit any Personal Data to us. Should we become aware that we have collected Personal Data from an individual under 18, we will take reasonable steps to delete such information as soon as possible.

If you believe that a child under 18 has provided us with Personal Data, please contact us at [email protected].

To access and use our Website, you must be at least 18 years old and legally capable of entering into binding agreements.

Legal Basis for processing Personal Data

GSF processes your Personal Data only when we have a valid legal basis under applicable data protection laws. The legal basis depends on the type of Personal Data and the purpose of processing:

• Contractual necessity: to provide services, process orders, donations, subscriptions, event registrations, or carbon credit purchases.
• Consent: for voluntary activities such as subscribing to newsletters, market research, surveys, career applications, or receiving targeted communications. You may withdraw your consent at any time.
• Legitimate interest: for administrative purposes, improving our services, maintaining security, preventing fraud, or communicating with you about activities relevant to our mission. We ensure that processing based on legitimate interests is carefully balanced against your rights and freedoms.
• Legal obligation: when processing is necessary to comply with applicable laws or regulatory requirements.

--

2.1. Personal Data you provide directly

Personal Data you provide through our Website is used to:

Orders and donations

• Process and fulfill orders
• Manage donations
• Request post-purchase or post-donation feedback.

Communications

• Send newsletters, technical updates, marketing messages, or administrative information.

Events and activities

• Manage participation in webinars, trainings, workshops, physical events
• Send administrative messages, marketing communications, or feedback requests.

Support and enquiries

• Respond to helpdesk or branding enquiries
• Process surveys, feedback, or other requests.

Accounts and applications

• Conduct identity verification and user due diligence, and to prevent money laundering and the financing of terrorism 
• Create and manage user accounts (e.g., GSF Impact Registry)
• Process job applications in line with recruitment obligations
• Conduct reference checks or background checks as required.

Website usage and recommendations

• Track your visits and interactions on our Website to improve usability
• Suggest services or products based on your purchases or activity
• Provide targeted content or advertising relevant to your interests.

We retain this information to enhance our Services, tailor content, and provide a better user experience.

--

2.2. Personal Data collected automatically

• Automatically collected data is primarily used to :
• Identify, monitor, and prevent abuse or fraud
• Analyze usage and generate statistical insights
• Conduct audits and compliance monitoring
• Develop, improve, or modify our Website and Services
• Identify trends and assess promotional campaigns
• Operate and expand our activities.

Some data may be shared with vendors for technical support or analytics purposes. All statistical information is aggregated to prevent identification of individual users. Log files are maintained to ensure functionality and security.

--

2.3. Purpose of Personal Data received from other sources

We may receive Personal Data about you from third parties acting on your behalf or from our partners who work with us. This data is used only for the purposes described above.

--

2.4. Payment information

If you make a payment, we may collect credit card or other payment account information to process your payment. Payments are handled securely via third-party payment processors, who comply with PCI Security Standards.

Payment information is only shared as necessary for:

• Processing payments
• Refunds
• Handling complaints or queries

The use of your payment data is governed by the payment processors’ privacy notices. We encourage you to review them.

The provision of Personal Data on our Website is generally optional. If you choose not to provide Personal Data you can still browse and use our Website.

However, certain actions may not be possible without it, including (but not limited to):

• Placing orders or making purchases
• Registering for newsletters or marketing communications
• Applying for jobs or creating user accounts.

Choosing not to provide Personal Data will not affect your ability to access publicly available information or general content on the Website.

4.1. No sale of Personal Data.

GSF do not sell your Personal Data.  We only share or disclose Personal Data as described in this Notice or as explicitly communicated to you when your data is collected.

--

4.2. Sharing of Personal Data

GSF may share your Personal Data with third parties in connection with the operation of our Website and Services, always in accordance with applicable data protection laws. This may include:

• Trusted partners, supporters, such as donors and NGOs, where necessary to carry out our mission
• Approved service providers and contractors, including those providing IT, finance, accounting, marketing, payment processing, document management, KYC/AML verification and due diligence, archiving, disaster recovery, or other operational support
• Marketing and analytics providers, including platforms such as Google Ads and Google Analytics, which help us understand usage of our Website, deliver relevant content, and improve our Services
• Authorities or other third parties, when disclosure is required by law, necessary to protect safety, prevent fraud, enforce our terms, or investigate suspected illegal activity.
• Individuals you have named as references, for verification purposes.

All recipients are required to process your Personal Data securely and only for the purposes for which it was shared, in compliance with applicable data protection laws. Where Personal Data is transferred outside Switzerland or the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or other legally recognized measures, to protect your information.

You can manage or opt out of marketing and analytics tracking by adjusting your browser settings or using the opt-out mechanisms provided by these services.

--

4.3. Legal and Regulatory Disclosures

GSF may also disclose your Personal Data to governmental authorities or law enforcement officials when required or permitted by law, for example:

• To comply with legal obligations, legal actions, or lawful requests from authorities
• To protect and defend our legitimate interests
• To respond to legal processes, investigations, or to protect the safety and vital interests of individuals

The Website is controlled and operated by GSF from Switzerland.

Your Personal Data may be transferred to and stored and processed in countries outside Switzerland and the European Economic Area (EEA), including by employees, agents, service providers or contractors acting on behalf of GSF.

When Personal Data is transferred outside Switzerland or the EEA, GSF ensures that such transfers are carried out in accordance with applicable data protection law, including the Swiss Federal Act on Data Protection (revFADP) and, the EU General Data Protection Regulation (GDPR).

Such transfers may be made to countries that are recognised as providing an adequate level of data protection by the Swiss Federal Council and/or the European Commission, or, where this is not the case, on the basis of appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission and recognised by the Swiss Federal Data Protection and Information Commissioner (FDPIC), supplemented where necessary by additional technical and organisational measures.

From a geographical perspective, GSF endeavors where possible, to select processors and hosting providers located in Switzerland and the EEA.

We do not keep your Personal Data longer than necessary and only for as long as required to fulfil the purposes describe in this Privacy Notice. Retention periods may vary depending on the categories of Personal Data and the processing activities involved.

When determining the appropriate retention period, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether these purposes can be achieved by other means, and applicable legal requirements.

In particular, retention periods are guided by the following principles:

• Consent: Where processing is based on your consent, we retain your Personal Data until you withdraw that consent.
• Contractual obligations: Where processing is necessary to perform a contract with you, we retain your Personal Data for the duration of the contract and any additional period required by applicable local statutes of limitation.
• Legitimate interests: Where processing is based on our legitimate interests, Personal Data will be retained for a limited period appropriate to ensure fair processing, or until you object to such processing, unless we have compelling legitimate grounds to continue processing or need the data for the establishment, exercise, or defence of legal claims.
• Legal obligations: Where processing is necessary to comply with a legal obligation, retention periods are determined in accordance with applicable law.
• Legal claims: Where Personal Data is needed for the establishment, exercise, or defence of legal claims, it will be retained until the relevant claims have been fully resolved or until the applicable retention period expires.

At the end of the retention period, Personal Data will be deleted or anonymized using processes and methods that comply with applicable data protection standards.

Please note that once Personal Data is deleted or anonymized, it is no longer considered Personal Data under applicable law and will therefore fall outside the scope of this Privacy Notice, except for data retained in our archives in accordance with legal or regulatory obligations.

Every user is entitled to exercise the following rights with respect to their Personal Data:

• Right to access: you have the right to request information about your Personal Data that we hold, commonly known as “data subject access request” (DSAR). This enables you to receive a copy of the Personal Data we process about you;
• Right to rectification: you may request that GSF correct any Personal Data you believe is inaccurate, or complete any information you believe is incomplete
• Right to erasure: you may request that GSF erase your Personal Data under certain conditions
• Right to restriction of processing: you may request that the processing of your Personal Data be restricted under certain conditions
• Right to data portability: you may request that GSF transfer the Personal Data we have collected to another organization or directly to you, where technically feasible, under certain conditions
• Right to object to processing: you have the right to object to the processing of your Personal Data if the processing is carried out on a legal basis other than your consent
• Right to withdraw your consent:  if our processing of your Personal Data is based on your consent, you may withdraw it at any time.
• Right not to be subject to any automated decision making and profiling: you have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects;
• Right to lodge a complaint to the supervisory authority: you may lodge a complaint with a competent supervisory authority if you believe your data protection rights have been violated.

If you have any questions about the Personal Data, we hold about you, or if you wish to exercise your data protection rights, you may submit a request using our Data Subject Acess Request (DSAR) form:

___

DSAR

___

To process your request, we may ask for your specific information to verify your identity and ensure the security of your Personal Data.

We will respond to your request within one month of receipt. This period may be extended by up  to additional two months, where necessary, taking into account the complexity and number of requests. In such cases, we will contact you within one month of receiving your request, explain the reasons for the delay, and provide an estimate of when a response will be provided.

Depending on the scope of the request, and where permitted by applicable law, we may charge reasonable fees to cover the costs incurred in connection with the request.

In limited circumstances and in accordance with applicable laws and regulations, we may refuse or restrict access to your Personal Data. Where this occurs, we will provide you with an explanation of our decision, subject to legal restrictions.If you have any other questions, concerns, or complaints regarding this Privacy Notice, we encourage you to contact us using the details below:

Gold Standard Foundation

Registered address:

Avenue Louis-Casai 79

1216 Cointrin

Geneva, Switzerland

Operational address:

International Environment House 2.

Chemin de Balexert 7-9

1219 Châtelaine

Geneva, Switzerland.

Data Protection Office email: [email protected]

If you feel unsatisfied with our response or handling of your Personal Data, you have the right to lodge a complaint with your competent supervisory authority. GSF will not discriminate against you for exercising your privacy rights.

9.1. Cookies/Similar Technologies

We use cookies and similar technologies to operate our Website, enhance user experience, analyse usage, deliver relevant content, and provide certain services. Cookies may include session cookies, persistent cookies, and third-party cookies.

Some of the third-party services we use include:

• Google Analytics – for website usage analytics and performance reporting
• Google Ads – for advertising, remarketing, and delivering relevant marketing content

For detailed information about the cookies we use, their purposes, and how you can manage your cookie settings, please see our Cookie Policy. You can adjust or withdraw your consent to non-essential cookies at any time.

--

9.2. Log Files

We automatically collect information through log files when you visit our Website. Log files record activity such as IP addresses, browser type, device information, and pages visited. This information helps us troubleshoot problems, maintain Website security, improve performance, and compile statistics about Website usage.

--

9.3. Web Beacons

Web beacons (also known as “web bugs”) are small strings of code that deliver a graphic image on a web page or in an email for the purpose of transferring data back to us. The information collected via web beacons includes information such as your IP address, as well as information about how you respond to an email campaign (e.g. at what time the email was opened, what links you clicked on in the email, etc.). We may use web beacons on our Website or in emails we send to you. We use web beacon information for a variety of purposes, including but not limited to, site traffic reporting, unique visitor counts, advertising, email auditing and reporting, and personalisation.

--

9.4. User control and consent

All information collected through cookies, tracking technologies, log files, or web beacons is processed in accordance with applicable data protection laws. Non-essential cookies and tracking technologies require your consent, which you can provide or withdraw at any time via the Cookie Policy or your browser settings. You can also use opt-out mechanisms provided by the third-party service providers, such as:

• Google Analytics Opt-out
• Google Ads Settings

We take the security of your Personal Data seriously and implement reasonable administrative, technical, and physical safeguards to protect it against unauthorized access, use, modification, or disclosure. Your information is stored on secure computer servers in controlled environments, in line with internationally recognized security standards.

However, no data transmission over the Internet or wireless networks can be guaranteed to be completely secure. Despite our best efforts, we cannot guarantee the absolute security, integrity, or privacy of any information exchanged between you and the Website or Services.

Therefore, you acknowledge that:

• The Internet has inherent security and privacy limitations beyond our control
• Information and data transmitted between you and the Website or Services may, in rare circumstances, be intercepted or accessed by unauthorized third parties
• The security of your Personal Data also depends on the security of your devices and the measures you take to protect your credentials.

Please take appropriate steps to safeguard your devices, login credentials, and any Personal Data you transmit to us.

We may update this Privacy Notice at any time to reflect changes to our practices, legal requirements, or the operation of the Website and Services. If we do so, we will revise the “last updated” date at the bottom of this page. An updated version of this Privacy Notice will become effective immediately on the date it is published,  unless otherwise specified. Your continued use of the Website and Services after the effective date of an updated Privacy Notice indicates that you have been informed of the changes. However, we will not, without your consent, process your Personal Data in a manner materially different from the purposes and legal bases stated at the time of collection without obtaining your consent or another valid legal basis, as required by applicable law.

This Annex forms part of the Gold Standard Foundation Privacy Notice and must be read in conjunction with it. All general provisions regarding data subject rights, international transfers, data security, and contact details apply equally to Media captured at GSF Events.

1. Scope

As part of conferences, workshops, seminars, trainings, and other events (“Events”), GSF may capture photographs, audio recordings, video recordings, and live-streamed content (collectively “Media”).

Such Media may include identifiable images, voice recordings, statements, or other personal data of attendees, speakers, moderators, sponsors, or guests.

Media may be used for promotional, communication, educational, documentation, archival, and reporting purposes.

2. Legal Basis for Processing

Depending on the context, Media processing is based on one or more of the following legal grounds:

• Consent (Art. 6(1)(a) GDPR; Art. 31 FADP), where individuals actively agree or where close-up or featured recordings are taken.
• Legitimate Interests (Art. 6(1)(f) GDPR), namely GSF’s interest in documenting, promoting, and reporting on its activities, provided such interests do not override the rights and freedoms of individuals.
• Contractual Necessity (Art. 6(1)(b) GDPR), particularly for speakers, moderators, or panelists whose participation includes recording.

Where processing is based on legitimate interests, GSF conducts an internal balancing assessment to ensure proportionality and respect for individual right

3. Transparency at Events

GSF ensures transparency regarding Media capture through:

• This Annex
• Clear signage at Event entrances and/or within Event premises
• Visible presence of photographers, videographers, or recording equipment
• Notices during live-streamed sessions, where applicable.

4. How to avoid or limit capture in Media

If you prefer not to be recorded, you may:

• Indicate your preference during Event registration form or invitation (where applicable)
• Contact GSF in advance
• Inform Event staff upon arrival.

Where operationally feasible, GSF may:

• Introduce you to photographers/videographers
• Provide visual identifiers (e.g., badges or wristbands)
• Advise you regarding lower-risk seating areas.

Please note:

• It may not be possible to avoid incidental capture in wide-angle or crowd shots.
• Live-streamed areas may not allow real-time exclusion.
• GSF cannot control photographs or recordings made independently by third-party attendees or media representatives.

5. Use of Media.

Media may be used for:

• Event summaries and highlights
• Publication on GSF’s website
• Social media platforms (e.g., LinkedIn, YouTube, Instagram, X)
• Newsletters and stakeholder communications
• Educational and training materials
• Printed materials such as reports, brochures, or flyers
• Archival and historical documentation.

GSF selects Media carefully to reflect individuals respectfully and professionally.

Media may be published on third-party platforms that process data outside Switzerland or the European Economic Area. Where applicable, appropriate safeguards (such as Standard Contractual Clauses or adequacy decisions) are applied. Once published on third-party platforms, processing is subject to their respective privacy policies.

Media selected for communication, documentation, or archival purposes may be retained for the duration of GSF’s business operations or longer where justified by legitimate interest in historical documentation.

Media not selected for publication or long-term use will be deleted within a reasonable period following the Event.

Retention periods are determined based on purpose, relevance, and proportionality.

6. Live Streaming

Certain Events or sessions may be live streamed.

Where live streaming occurs:

• Signage and/or announcements will indicate recording and broadcasting;
• Cameras will primarily focus on speakers or designated participants;
• Recordings of live streams may be retained and reused in accordance with this Annex.
• Real-time exclusion from live-streamed areas may not always be technically feasible.

7 . Withdrawal of Consent and Objections

Where processing is based on consent, you may withdraw your consent at any time.

Where processing is based on legitimate interest, you may object on grounds relating to your particular situation.

Requests should include:

• Event name and date
• Description of the Media concerned
• Screenshot or link (if available).

GSF will respond within the timeframe required under applicable law (generally within one month under GDPR).

Please note that where Media has already been incorporated into printed materials, distributed publications, or shared via third-party platforms, complete erasure may not always be possible. GSF will, however, take reasonable steps to limit further dissemination where feasible.

8. Special Categories of Data

GSF does not intentionally collect or process special categories of personal data (e.g., health information, religious beliefs, biometric data) through Event Media.

GSF does not use facial recognition, biometric identification technologies, or automated profiling in connection with Event Media.

If special category data becomes visible:

• It will only be processed where lawful under Article 9 GDPR.
• Additional safeguards will apply.
• Data subjects may request restriction or removal.

9. Intellectual Property

GSF retains copyright and intellectual property rights in Media captured at Events.

Ownership of intellectual property does not affect your statutory data protection rights under GDPR or FADP.

This Annex forms part of the Gold Standard Foundation Privacy Notice and must be read in conjunction with it. All general provisions regarding data subject rights, international transfers, data security, and contact details apply equally to this Annex.

In every relationship with us, we need to verify KYC/AML and the aim is to ensure that with respect to any individual using our services where Sumsub verification is used, we collect each Data Subject’s (an individual who is the subject of Personal Data, whose Personal Data is processed) consent allowing us to process your biometric data in accordance with the applicable data protection legislation.

You expressly agree and confirm that you have familiarised with the following notice wording and give your consent to your Personal Data Processing:

“Consent and Privacy Notice Wording

I hereby agree and express my voluntary, unequivocal and informed consent that personally identifiable information (PII) including biometric information will be processed for the purposes specified in this consent of the organisation for which I pass the identity verification process (hereinafter – the “Company”) that uses Sumsub Group of Companies, (hereinafter – the “Service Provider” or “Sumsub”) through which the Company collects and processes my PII and the biometric information. Please refer to the Privacy Notice (https://sumsub.com/privacy-notice-service) for details about the identity and contact details of Sumsub.

Details ought to be blurred

I hereby agree and express my voluntary, unequivocal and informed consent that I agree that the Company and the SumSub can operate with non-blurred documents provided by me.

Categories of biometric data

My biometric information, to the processing of which by the Company and by the Service Provider I hereby agree and express my voluntary, unequivocal and informed consent, includes facial features or facial scans.

I hereby acknowledge and agree that facial images of myself are processed to confirm the liveliness of my face and/or to confirm that a given identity document is presented by me, its legitimate owner.

Purposes of processing of biometric data

I hereby acknowledge and agree that processing shall be done for the purposes of the Company and may include matters of compliance with applicable AML/CFT, anti-fraud laws and regulations, age restrictions acts and/or other laws and regulations and/or the Company customer due diligence procedures in accordance with the laws governing the intended business relationship.

The processing of biometric data will also be carried out for other compatible purposes of the Service Provider acting as a separate business including service development, fraud and criminal activity prevention, as well as ‘litigation hold’ and statutory obligations of the Service Provider (for details please see the Privacy Notice available here: https://sumsub.com/privacy-notice-service).

How will the biometric data be processed

I hereby acknowledge and agree that Company and Service Provider shall process my biometric information by means of automated reading, verification of the authenticity and other automated processing as stated in the Privacy Notice available at https://sumsub.com/privacy-notice-service/, which includes the processing of facial scan while passing liveness, video-selfie or video identification process, biometric authorisation, face comparison from the photo of an identity document and the facial image, searching of multiple identity creation, work and development of fraud control network to detect and prevent fraud and criminal activity.

The PII including biometric data may be disclosed to entities associated with Service Provider to achieve the purpose of the processing under this Consent. The Service Provider stores biometric information in AWS Amazon or Google Cloud (depending on the requirements of the Company on the place of data storage).

Retention of biometric data

I hereby represent that I have been informed that my PII will be retained and stored by Company and Service Provider and will be permanently destroyed based on the Company’s instructions when the Company’s initial purpose and/or retention period prescribed by applicable law expires. Where Service Provider independently defines the compatible purposes or under the legal obligation, the personal data, including biometric information, will be destroyed after Service Provider’s purposes for collecting the biometric information have been satisfied (and one (1) year of the date the purpose for collecting the data expires for residents of Texas) or after five (5) years from the provision of data to the Service Provider system, whichever occurs first. For the residents of Illinois, the retention period of personal data, including biometric information, will be three (3) years from the date of data provision to the Service Provider system. Please check how your PII will be deleted and destroyed in Service Provider’s Data Disposal and Destruction Policy at https://sumsub.com/privacy-notice-service/?id=#8.

I hereby represent that I have carefully read all of the above provisions and do voluntarily and unequivocally agree with them.”