Data Privacy Notice (enhanced for GDPR)

Scope
This privacy statement applies to www.idfour.com and InterDirect USA, Ltd., dba iDfour websites, services, applications and products that store, process, and/or transmit personal data as defined below.

Choice and Consent
As the owner of your own personal information, you have choices, specifically, the following: You have several choices available when it comes to information about you:

  • Limit the amount of Personal Data provided to iDfour: If you have a personal or business relationship with iDfour, you have the right to limit the types of personal data we store, process, and/or transmit. Please be advised if you limit the types of personal data, then this may result in the inability to fully process your data and provide the services we offer. Certain rights relating to erasure, rectification, and portability of data in regards to the GDPR are thus deemed in-scope for this privacy policy.
  • Opt-Out of Electronic Communications: You have the right opt out of receiving promotional messages from iDfour. Please note that even if you opt out of promotional messages, iDfour may still send you additional messages relating to your account and other important information.

Privacy Policy: A Privacy Policy, and other affiliated initiatives and documentation, is an essential element of iDfour’s commitment to ensuring the safety and security of customer data at all times. Protecting confidential data is paramount to our organization, and as such, we take security seriously, which means protecting the data provided to us from customers. You, as a customer, have certain rights that we, as a business, must adhere to, for which these rights are discussed within this Privacy Policy. Data security and privacy is not an option, rather, a strict requirement for many of today’s global laws and regulations, but also a best practice we employ throughout our entire organization. Simply stated, iDfour takes data security and privacy seriously.

Scope of Laws
This Privacy Policy has been developed in accordance with the following rules, regulations, and/or legislative laws for which iDfour is obligated to comply with.

  • The EU General Data Protection Regulation (GDPR).
  • Health Insurance Portability and Accountability Act of 1996

Introduction
iDfour needs to obtain, collect, and use certain types of information about individuals. Such information is often referred to as Personally Identifiable Information, a phrase which encompasses a wide-range of personal data types. For purposes of this policy, the term “personal data” is used to describe any type of data that obtained, collected, and used by iDfour. As to whom the “personal data” is obtained from, this is often referred to as customers, clients, users, data subjects – phrases which encompass a wide-range of individuals. For purposes of this policy, the term “individual(s)” is used to describe any type of person for which “personal data” is obtained and collected from, and then subsequently used by iDfour.

iDfour is deeply committed to maintaining your trust and confidence, values your privacy and recognizes the sensitivity of your personal information, and will thus will always strive to protect the privacy of individuals. We have carefully crafted this Privacy Policy to address concerns you might have, and to assure you that if you give us personal information, we will treat it carefully and appropriately. This Privacy Policy applies to the website available at [enter website] and the mobile applications and websites where this Privacy Policy is posted (collectively, the “Sites”). This Privacy Policy does not pertain to information that is collected offline.

Purpose of Data Privacy Policy
The purpose of the Data Privacy Policy is to provide clarity, transparency, and accuracy regarding the collection and use of an individual’s personal data for which iDfour may collect and use for processing.

Information Collected and Stored Automatically (Web Analytics Data)
When you visit www.idfour.com, we may store some or all of the following: The Internet address from which you access [website URL, date and time, the Internet address of the website from which you linked to www.idfour.com, the name of the file or words you searched, items clicked on a page, and the browser and operating system used, and any other related information.

This information is used to measure the number of visitors to the various sections of our site and identify system performance or problem areas. We also use this information to help us develop the site, analyze patterns of usage, and to make the site more useful. This information is not used for associating search terms or patterns of site navigation with individual users. Data.gov periodically deletes its Web logs. On occasion, Data.gov may provide this information to third party entities it contracts with for the purposes of research analysis.

Cookies
When you visit some websites, their web servers generate pieces of information known as cookies. Cookies are commonly used to recognize your computer in the future. www.idfour.com uses session cookies to serve technical purposes, such as providing seamless navigation through our site, allow you to carry information across pages of our site and avoid having to re-enter information. These cookies do not permanently record data and they are not stored on your computer’s hard drive. www.idfour.com’s session cookies are available only during an active browser session. When you close your browser, the session cookie disappears.

www.idfour.com also uses persistent cookies to be able to track the number of unique visitors to the site. More specifically, Persistent Cookies are utilized for helping iDfour recognize you as a unique visitor (using a number, you cannot be identified personally) when you return to www.idfour.com. Additionally, persistent cookies enable iDfour to tailor content and related subject matter to match your preferred interests and/or for the purposes of not showing you the same content and related subject matter repeatedly.

To compile anonymous, aggregated statistics that allow us to understand how users use our site and to help us improve the structure of our website. We cannot identify you personally in this way

Users can choose to disable cookies using their web browsers, which will not affect their ability to search for, review and retrieve data on www.idfour.com

Information Collected and Stored Automatically (Personal Information)
Users may be required to provide personal information into various form fields, and/or for purposes of searching, retrieving, and downloading data from www.idfour.com. If you choose to provide us with personal information, iDfour will use appropriate security controls for ensuring the protection of your personal data. Personal information which may be required when using various pages found on www.idfour.com may include any of the following:

General Data Protection Regulation
“Any information relating to an identified or identifiable natural person (i.e., a "data subject"); an identifiable natural person is essentially somebody that can be identified, directly or indirectly, in particular by reference to an identifier via name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”

Personally Identifiable Information (PII)

  1. Full name, with all middle names (especially if the name is not common).
  2. Any part of an individual's name that is stored or displayed in conjunction with any of the subsequent listings of data and information deemed PII.
  3. National Identification information, such as passports, visas, permanent residence cards, voting information, social security number (United States), or any other type of unique identifier used on a national level.
  4. Local and/or state, provincial, etc. information, such as driver’s licenses, vehicle registration and permit documents, or any other type of unique identifier used on a local and/or state, provincial level.
  5. Digital Identifiers, such as IP addresses, usernames, passwords, etc.
  6. Facial, fingerprint, iris and all other associated biometric information.
  7. Date of Birth.
  8. Place of Birth.
  9. Medical records (i.e. protected health information (PHI) and electronically protected health information (ePHI), and all associated data and information contained (electronically or hard-copy) with the medical records. Also, genetic information, if applicable.
  10. Criminal records.
  11. Financial and Accounting records, such as banking, mortgage, revolving debt and tax information, along with credit and debit cards.
  12. Educational information, such as classes taken, schedule, grades received, degrees confirmed, disciplinary actions, financial aid, student loans, etc.
  13. Professional and occupational information, such as salary, tenure, etc.
  14. Professional licenses, certifications, designations, etc.
  15. Any other information deemed PII, but not listed above


In summary, PII consists of both the data and information that is unique to an individual and the source of the applicable data and information. For example, a social security number is the "data and information" of PII and the social security card or anywhere the number is found, imprinted, stored, or kept is the "source" of PII.

Protected Health Information (PHI)
Additionally, a subset of Personally Identifiable Information (PII) is that of Protected Health Information (PHI), which actually shares many similarities towards each other as to the types of data an information. Specifically, PHI contains the following list of eighteen (18) "identifiers":

  • Names.
  • All geographical identifiers smaller than a state.
  • Dates that directly relate to an individual (other than year).
  • Phone Numbers.
  • Fax Numbers.
  • Email Addresses.
  • Social Security Numbers.
  • Medical Record Numbers.
  • Health Insurance Beneficiary Numbers.
  • Account Numbers.
  • Certificate | License Numbers.
  • VIN, serial numbers, license plate numbers.
  • Device Identifiers and Serial Numbers.
  • Web Uniform Resource Locators (URLs)
  • Internet Protocol (IP) addresses.
  • Biometric Identifiers, such as finger, retinal and voice.
  • Full Face Photograph Images
  • Any other unique identifying number, character, code, etc.

Personally Identifiable Financial Information (PIFI)
Furthermore, yet another subset of Personally Identifiable Information (PII) is Personally Identifiable Financial Information (PIFI). Specifically, PIFI is the following:
Any information: A consumer provides to obtain a financial product or service; about a consumer resulting from any transaction involving a financial product or service; or Otherwise obtained about a consumer in connection with providing a financial product or service. (www.ftc.gov).

Online Comments
Please be advised that any comments you provide are categorized as public information. Therefore, such comments may also be made available online to the public with the name of the commenter but without the use of any email addresses, or any type of information defined as personal information.

Moderation of Comments and Posts
www.idfour.com allows individuals to post comments on discussion topics on various forums. We encourage you to share your thoughts as they relate to the topic being discussed, but please be advised that posts will be publicly visible; therefore, www.idfour.com utilizes a moderation policy for ensuring posts are appropriate and not harmful to others. As such, we review and moderate posts according to our stated guidelines below. The views expressed in posts reflect those of the individual making the post, and are not intended to be viewed as those of iDfour.

iDfour promotes public comments and posts for purposes of transparency in who we are, what we do, and the services we however. However, courtesy and professionalism are to be used at all times by individuals, thus iDfour reserves the right to block, hide, and/or delete, remove posts that:

  • Are deemed obscene, indecent, or profane language.
  • Contain threats, defamatory, or derogatory statements.
  • Invoke terroristic threats, promote violence, along with any other offensive material and any other content deemed unprofessional, unethical or that violates any local, state, or federal law or regulation.
  • Reveal Personal Information as described above in the Information Collected and Stored Automatically (Personal Information) section.
  • Contain information posted in violation of law, including libel, condoning or encouraging illegal activity, and revealing classified information, or posts that might affect the outcome of ongoing legal proceedings.
  • Promote or endorse services or products, including links to external commercial sites. (Note that non-commercial links that are relevant to the topic or another post are acceptable.)
  • Contain content that is completely off-topic, spam, or intended primarily to promote a link for purposes of link building.
  • Contain any other type of content deemed unprofessional, unethical or that violates any local, state, or federal law or regulation.

Unless you clear permission to do so, please do not submit copyrighted, trademarked or other proprietary, confidential, and/or sensitive non-public information. By submitting your posts or other work, you grant the effectively allow anyone viewing the discussion forum at www.idfour.com irrevocable permission to copy, distribute, make derivatives, display or perform the poster’s work publicly and free-of-charge.

To protect your privacy, please do not include personal information that can be used to potentially identify you. iDfour will review all posts in a timely manner, and will respond accordingly and take action for any posts that violate the above-stated conditions.

Browser Information Collected on the Website
Various elements of data sets may be collected to track the usefulness of certain actions and to ultimately improve the value of www.idfour.com. Please note that at no time does iDfour not gather, request, record, require, collect or track any type of Internet users’ personal information (as listed above) through these processes.

Site Security
For site security purposes and to ensure that this service remains available to all users, the platform for which the [website URL) resides on – commonly known as a “production environment”, utilizes a wide-range of software tools and programs to for the ultimate goal of ensuring its confidentiality, integrity, and availability (CIA) – a concept known as the CIA triad of information security. Tools which are currently in use, or are to be deployed if necessary for the security of [website URL) are to include, but are not limited to, the following: start here.

  • Network Security and Network Monitoring: Tools that assist in securing the network for which www.idfour.com resides on. Such tools include network and perimeter firewalls, web application firewalls, routers, switches, intrusion detection systems, and other related tools.
  • Network Performance: Tools that assist in monitoring all aspects of www.idfour.com, such as performance monitoring for website uptime, etc.
  • Other: Additionally, A variety of physical, electronic and procedural safeguards are implemented for helping ensure the safety and security of www.idfour.com.

Except for authorized law enforcement investigations by local, state, and/or federal agencies, no other attempts are made by iDfour to identify individual users and/or their usage habits on www.idfour.com.

External Links
www.idfour.com may contain links to websites created and maintained by other public and/or private organizations. www.idfour.com therefore provides these links as a service to our users, and when users click on a link to an external website, they are leaving www.idfour.com and are thus subject to the privacy and security policies/related terms and conditions of these external websites.

Children's Privacy
www.idfour.com complies with the Children’s Online Privacy Protection Act of 1998 (COPPA). Specifically, COPPA imposes certain requirements on operators of websites or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age. Therefore, Personal information from children under 13 is not knowingly collected, nor are children under 13 knowingly contacted by www.idfour.com. To be clear, www.idfour.com does not intend to solicit information of any kind from children under 13. It is possible that www.idfour.com may receive emails pertaining to children under 13. If this is the case and www.idfour.com is notified of this, as soon as the information is verified, parental consent will be immediately obtained or the email will be deleted from any services being offered and/or performed by www.idfour.com.

www.idfour.com complies with the General Data Protection Regulation (GDPR). Specifically, the GDPR states the following, per Article 8:

Where point (a) of Article 6(1) applies, in relation to the offer of information society services directly to a child, the processing of the personal data of a child shall be lawful where the child is at least 16 years old. Where the child is below the age of 16 years, such processing shall be lawful only if and to the extent that consent is given or authorized by the holder of parental responsibility over the child.

Member States may provide by law for a lower age for those purposes provided that such lower age is not below 13 years.

The controller shall make reasonable efforts to verify in such cases that consent is given or authorized by the holder of parental responsibility over the child, taking into consideration available technology.

Paragraph 1 shall not affect the general contract law of Member States such as the rules on the validity, formation or effect of a contract in relation to a child.

Prohibitions
www.idfour.com will not create any type of reference or hyperlink to any other website that displays, promotes and/or exhibits any type of hate, bias, or discrimination. www.idfour.com thus reserves the right to deny or remove any reference or hyperlink that contains misleading information or unsubstantiated claims, or is determined to be in conflict with iDfour's policies, procedures, and practices.

Changes to this Policy
The www.idfour.com privacy policy is to be revised and updated as necessary for ensuring its adequacy and sufficiency. You are encouraged to visit this page often for the latest information and the effective date of any changes to such policy. If changes are made to this policy, a new www.idfour.com policy will be posted on our site, along with a corresponding data of change.

Linking to www.idfour.com: At any time, and at no cost, you may link to www.idfour.com. When you link to www.idfour.com, please use our link in the most professional and appropriate manner.

Use of Logo: The logo displayed on www.idfour.com is the official logo of iDfour and is not to be used by any other organization for any purpose, unless such rights are granted by iDfour.

Public Information: All datasets accessed through www.idfour.com are confined to public information and must not contain personal data as defined by statute and/or Executive Order, or other information/data that is protected by other statute, practice, or legal precedent.

Security: All information accessed through www.idfour.com is in compliance with the required information security mandates of Article 32 of the GDPR. Specifically, Article 32 mandates the following:

  • Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
    • The pseudonymisation and encryption of personal data.
    • The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services.
    • The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.
    • A process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.

Privacy: All information accessed through www.idfour.com must be in compliance with current privacy requirements set forth in the GDPR and the additional following regulations [x]. Specifically, iDfour is responsible for ensuring that personal data accessed through www.idfour.com have required Privacy Impact Assessments available for review.

Data Quality and Retention: All information accessed through www.idfour.com is subject to iDfour quality control and related information security best practices.

Disclaimer and Endorsement: The www.idfour.com website includes hypertext links, or pointers, to information created and maintained by other public and/or private organizations. As such, www.idfour.com only provides these links for your information and convenience, thus, when you select a link to an outside website, you are leaving the www.idfour.com and therefore subject to the privacy and security policies of these external websites. Additionally, please note the following:

  • www.idfour.com does not control or guarantee the accuracy, relevance, timeliness, or completeness of information contained on a linked website.
  • www.idfour.com does not endorse the organizations sponsoring linked websites and we do not endorse the views they express or the products/services they offer.
  • www.idfour.com therefore cannot authorize the use of copyrighted materials contained in linked websites. Users must request such authorization from the sponsor of the linked website.
  • www.idfour.com is not responsible for transmissions users receive from linked websites.
  • www.idfour.com does not guarantee that outside websites comply with Section 508 (accessibility requirements) of the Rehabilitation Act.

    BY USING THE SITES, YOU CONSENT TO THE TERMS AND CONDITIONS OF THIS PRIVACY POLICY AND TO OUR PROCESSING OF PERSONAL INFORMATION FOR THE PURPOSES STATED BELOW. IF YOU DO NOT AGREE TO THE TERMS AND CONDITIONS OF THIS PRIVACY POLICY, PLEASE DO NOT USE THE SITES.