MetaMap, Inc. (together, with its affiliates, “MetaMap”, “we” or “us”) helps individuals gain access to businesses and services around the world, including banks, payment processors, gig platforms, telcos, and employers, by providing those businesses with various software-as-a-service services, including identity verification and bank account data tools (the “Services”).

Scope

This Platform Privacy Policy describes how we collect, use, and share personal information that MetaMap collects about you when you or our customers (“Merchants”) use our Services.  If you are an employee or contractor of a Merchant that is using our Services, or if you are visiting our website or otherwise communicating with us outside of your use of our Services, please refer to our Global Privacy Policy for information about our privacy practices with respect to your personal information. “Personal Information” means any information that identifies or relates to a particular individual and also includes information referred to as “personally identifiable information” or “personal information” or “sensitive personal information” under applicable data privacy laws, rules or regulations. This Privacy Policy does not cover the practices of companies we don’t own or control or people we don’t manage.

What Information We Collect About You and Why

When our platform is used to verify your identity, we may collect the following types of information about you:

• Profile or contact information such as your name, address or location, email address, phone numbers, and unique identifiers etc.;
• Information obtained from government-issued identification. When we receive a photo of your government-issued identification – such as an ID card or passport – we may collect information from such documentation, such as name, date of birth, document number, father’s name, mother’s name, expiration date, gender;
• Utility bills and similar documentation;
• Information from government databases, including information allowing us to verify government IDs, criminal records history, court records, whether an individual is on a watch list, driving license information, and tax number.
• Biometric information, such as a faceprint, that we derive from photos or videos of you;
• Sensory data, such as photos, videos, or recordings of you and/or of your environment;
• Inferences, such as estimated age based on photos;
• Credit scores;
• Credentials you provide us to connect your accounts;
• Financial and transactional information such as information from and about your bank accounts that you choose to connect. For example, when you authenticate with your banking provider through our platform, we may gain access to information such as account balance, loan repayment, withdrawals, income, and transaction data;
• Location data, such as IP address-inferred location and precise location; and
• Device Information such as information about your mobile device, computer, browser, your IP address, your precise location, and information associated with cookies stored on your device.

Some categories listed above (such as biometric information) may be considered “sensitive data” under certain privacy laws.

We use this information at your direction to provide our services to our Merchants, who use this information to verify your identity, conduct legal compliance checks (for example, to make sure you are not a sanctioned individual) and/or your eligibility for various products and services (for example, to determine whether you are eligible for a particular type of bank account, or to determine the terms of a loan). Additionally, we use this information to help all of our Merchants more broadly assess risk and fraud, for example by providing them insights, reporting, and analytics. Finally, we may use this information (when permitted):

• To meet our legal requirements, and to enable our Merchants to meet their legal requirements;
• To investigate or prevent suspected fraud, threats of harm or criminal conduct, or violations of our contracts or policies;
• To provide Merchant support or answer questions;
• To improve our products and services, including to develop and test new products or features; and
• To provide reporting and analytics.

Where and How We Collect Your Personal Information

We collect Personal Information about you from the following categories of sources:

• You
  
  • When you provide such information directly to us.
    
    • When you create an account or use our interactive tools and Services.
    • When you voluntarily provide information in free-form text boxes through the Services or through responses to surveys or questionnaires.
    • When you send us an email or otherwise contact us. 
  • When you use the Services and such information is collected automatically.
    
    • Through cookies.
    • If you download our mobile application or use a location-enabled browser, we may receive information about your location and mobile device, as applicable.
    • If you download and install certain applications and software we make available, we may receive and collect information transmitted from your computing device for the purpose of providing you the relevant Services, such as information regarding when you are logged on and available to receive updates or alert notices.
• Public Records
  
  • From the government or other sources.
• Third Parties
  
  • Merchants
    
    • Specifically, we may receive Personal Information about you from Merchants who are using our Services to, for example, verify your identity.
  • Vendors
    
    • We may use analytics providers to analyze how you interact and engage with the Services, or third parties may help us provide you with customer support.
  • Third-Party Credentials

If you provide your third-party account credentials, such as your bank account credentials, to us or otherwise sign in to the Services through a third-party site or service, some content and/or information in those accounts may be transmitted into your account with us.

When and Why Do We Share Your Information

When we process your personal information, we will share that information with parties you are already interacting with.  For example, if you use our service to prove your eligibility for a particular service or product offered by a bank, we will share your information with that bank on your behalf. We also share your information with service providers who help us offer our platform (for example the web hosting providers we use).  When we share your information in this way, we do so under a contract with the service provider.

Additionally, we may share your information:

• to investigate or prevent suspected fraud, threats of harm or criminal conduct, or violations of our contracts or policies;
• to help us conduct marketing and advertising;
• to comply with legal requirements, or to respond to court orders or other similar government or legal demands; or
• if we undergo a merger, acquisition, bankruptcy, or other transaction in which a third party assumes control of our business (in whole or in part). 

Our Collection of Biometric Data

If you use our Services, you may be asked to voluntarily provide your personal data, including biometric information, to verify your identity, authenticate your information and prevent fraud when you use our Merchants’ websites or mobile applications. In connection with providing our services, we may verify your identity by comparing biometric data (i.e. a faceprint) that we derive from a selfie or video that you provide with the faceprint we derive from government-issued identification or other photos of you.

If you are an Illinois resident from whom we have collected biometric information, we may retain your biometric information only until the first of the following occurs, unless otherwise required by law or our contracts with Merchants: (i) the initial purpose for collecting such biometric information has been satisfied; or (ii) 3 years after your last interaction with MetaMap’s Services, in accordance with Illinois law.

Transfers of Personal Data

We provide our services to Merchants and individuals located around the world. As a result, we often need to transfer your information outside of your state or country, including to the United States. This data may be subject to the laws of the countries where we send it. When we send your information across borders, we take steps to protect your information, and we try to only send your information to countries that have relatively strong data protection laws.

How We Protect Your Information

We take the security of our platform very seriously, and do our best to try and protect your information. There is always, however, some risk associated with any technology that transmits or stores electronic information through the Internet.  This means we cannot guarantee the absolute security of your information, even while we do our best to protect it.

How We Use “Cookies” And Other Specific Technologies

Like most other online services, we use “cookies” and other technologies that collect information about you as you use our services. You can read more about the cookies we use on our website, the cookies we use to provide our software and services, and an explanation of how you can opt out of some of these cookies, in our Cookie Policy. Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services that you do not wish such operators to track certain of your online activities over time and across different websites. Our Services do not support Do Not Track requests at this time. To find out more about “Do Not Track,” you can visit www.allaboutdnt.com.

Personal Data of Children

We do not knowingly collect or solicit Personal Data from children under 16 years of age; if you are a child under the age of 16, please do not attempt to register for or otherwise use the Services or send us any Personal Data. If we learn we have collected Personal Data from a child under 16 years of age, we will delete that information as quickly as possible. If you believe that a child under 16 years of age may have provided Personal Data to us, please contact us at privacy@metamap.com.

Data that is Not Personal Data

We may create aggregated, de-identified or anonymized data from the Personal Data we collect, including by removing information that makes the data personally identifiable to a particular user. We may use such aggregated, de-identified or anonymized data and disclose it with third parties for our lawful business purposes, including to analyze, build and improve the Services and promote our business, provided that we will not disclose such data in a manner that could identify you. 

Your Rights Over Your Information

You may be located somewhere that offers you specific legal rights over your information.  To make such a request, please email us at privacy@metamap.com.  

For example, you may have one or more of the following rights:

Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, but in those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need you to provide us with additional information, which may include Personal Data, if necessary to verify your identity and the nature of your request. 

• Access:  You can request more information about the Personal Information we hold about you and request a copy of such Personal Data. You can also access certain of your Personal Data by logging on to your account.
• Rectification:  If you believe that any Personal Information we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data. You can also correct some of this information directly by logging on to your account.
• Erasure:  You can request that we erase some or all of your Personal Information from our systems.
• Withdrawal of Consent:  If we are processing your Personal Information based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Information, if such use or disclosure is necessary to enable you to utilize some or all of our Services.
• Portability:  You can ask for a copy of your Personal Information in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.
• Objection:  You can contact us to let us know that you object to the further use or disclosure of your Personal Information for certain purposes, such as for direct marketing purposes.
• Restriction of Processing:  You can ask us to restrict further processing of your Personal Information.
• Right to File Complaint:  You have the right to lodge a complaint about MetaMap’s practices with respect to your Personal Data with the supervisory authority of your country or European Union Member State. A list of Supervisory Authorities is available here: https://edpb.europa.eu/about-edpb/board/members_en.

While we would like to extend these rights to everyone, there are some situations where we are legally or contractually prohibited from doing so.  Specifically, when we handle your information solely on behalf of our Merchants, we sometimes do so as a “data processor” to them, meaning that we do not have the legal right to respond to requests from you.  In those situations, we will let you know that we are unable to assist, and will try (to the extent possible) to direct your request to the relevant Merchants.

We also explain where you may have specific additional legal rights below, in the section titled “Additional Information for Specific Regions.”

Additional Information for Specific Regions

We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity and our “legitimate interests” or the legitimate interest of others, as further described below.

• Contractual Necessity:  We process the following categories of Personal Information as a matter of “contractual necessity”, meaning that we need to process the data to perform under our Terms of Use with you, which enables us to provide you with the Services. When we process data due to contractual necessity, failure to provide such Personal Data will result in your inability to use some or all portions of the Services that require such data.
• Legitimate Interest:  We may process Personal Information when we believe it furthers the legitimate interest of us or third parties:
  
  • We may also de-identify or anonymize Personal Data to further our legitimate interests.

Examples of these legitimate interests include (as described in more detail above):

• • Providing, customizing and improving the Services.
  • Marketing the Services.
  • Corresponding with you.
  • Meeting legal requirements and enforcing legal terms.
  • Completing corporate transactions.
• Consent:  In some cases, we process Personal Data based on the consent you expressly grant to us at the time we collect such data. When we process Personal Data based on your consent, it will be expressly indicated to you at the point and time of collection.
• Other Processing Grounds:  From time to time we may also need to process Personal Data to comply with a legal obligation, if it is necessary to protect the vital interests of you or other data subjects, or if it is necessary for a task carried out in the public interest.

Note that If you are a resident of Nevada, you have the right to opt-out of the sale of https://docs.metamap.com/docs/metamaps certain Personal Data to third parties. Please note that we do not currently sell your Personal Data as sales are defined in Nevada Revised Statutes Chapter 603A.

Changes to this Privacy Policy

As we continually work to improve our Services, we may need to change this Privacy Policy from time to time. We will alert you of material changes by placing a notice on the MetaMap website, by sending you an email and/or by some other means. Please note that if you’ve opted not to receive legal notice emails from us (or you haven’t provided us with your email address), those legal notices will still govern your use of the Services, and you are still responsible for reading and understanding them. If you use the Services after any changes to the Privacy Policy have been posted, that means you agree to all of the changes.

How to Contact Us

If you would like to ask about or make a complaint about how we handle your information, please contact us at:

• privacy@metamap.com.
  MetaMap, Inc.
  2001 Gateway Pl., Suite 151E
  San Jose, CA 95110
  USA