Privacy Policy

Quadible Privacy Policy

The purpose of this Privacy Policy is to inform you about how your personal information is collected and how we use it when you interact with Quadible. Interacting with Quadible relates both Quadible’s presentation website (“The Sites”) and Quadible continuous behavioural authentication App (“The App”) and hereinafter are referred to as “Services”.

Topics:

  • What data do we collect?
  • How do we collect your data?
  • How will we use your data?
  • How do we store your data?
  • How long do we keep your data?
  • Marketing
  • What are your data protection rights?
  • What are cookies?
  • How do we use cookies?
  • What types of cookies do we use?
  • How to manage your cookies
  • Privacy policies of other websites
  • Change to our privacy policy
  • How to contact us
  • How to contact the appropriate authorities

1.            What data do we collect?

  • Through our Services we collect different types of data in order to improve the performance of our App and to strengthen the user experience.
  • The Site collects personal data you provide us through
    • the contact form, email, telephone or in person such as name, address, email address, occupation, telephone number and any other contact details you provided us when contacting us through the aforementioned means.
    • Cookies such as geolocation, details about your visit to the Site, traffic data and other communication data.
  • The App may collect personal data including biometric and behavioural data for the purpose of uniquely authenticating a natural person to a third-party service or for risk assessment purposes to continuously verify that the person interacting with a third-party service is who they say they are.
    In order to fulfil that purpose i.e. to authenticate a person to a service the following data are collected: (a) face biometric data, (b) fingerprint data, (c) GPS location, (d) accelerometer, (e) gyroscope, (f) magnetic field, (g) Bluetooth fingerprints, (h) WiFi fingerprints, (i) touch, swipe, and gestures on the smartphone screen, (k) data typed through a smartphone keyboard and (l) financial transactions.

2.            Consent

2.1. Quadible’s policy focuses on being transparent towards you regarding the personal data collected and how they are used. Thus, our Services inform you about what we do, the data collection and processing that takes place in each of our Services.

2.2. Our App collects several behavioural and biometric data from you through a module placed inside a third-party mobile app that you may use. The first time you launch the third party mobile app, an installation wizard is prompted (a) to inform you about the App i.e. what is does, (b) to educate you about the behavioural and biometric data to be collected including the purpose of why they are needed and (c) to request explicit consent from you about the data collection and processing. At any point that you do not feel comfortable with the process you are able to skip it and opt out from the data collection and the data processing as well as delete any data and knowledge we hold about you.

2.3. Our Site collects personal data from you to improve the user experience and to allow us provide you the best services according to your needs. Once you visit our Sites, a notification bar is prompted at the bottom of the Sites, informing you about the cookies and requesting the users consent for the data collection.

3.            How do we collect your data?

3.1. Our Services collect your data in order to improve the user experience and to best fit your demands in terms of privacy and security. To achieve that goal, our Services collect data through both our Sites and our App.

3.2. Our App collects behavioural and biometric data through a module (i.e. “Library”) that integrates with third-party mobile apps that require continuous authentication or/and continuous risk assessment to mitigate risk and fraud. The Library collects behavioural and biometric data, encrypts and uploads them to our cloud platform that performs the knowledge extraction and storage at encrypted infrastructure.

3.3. Our Sites collect personal data through cookies, contact forms, online chat and direct email approach. The personal data are analysed to improve your user experience and Quadible’s performance towards you.

4.            How will we use your data?

Category

Personal data

Extracted knowledge

Lawful basis for processing

Retention Period

Sites

Name, email address, cookies, analytics, geolocation data

Information about our potential and existing customers or users. This allows us to provide a better service to you.

Legitimate Interests for improving the user experience and the performance of our services towards our customers and consumers.

At any point you can contact our DPO through dpo@quadible.co.uk and ask to opt out, or contact us through our contact form.

Mobile Authentication module (Solution)

Biometrics (face, fingerprint), GPS, accelerometer, gyroscope, magnetic field, Bluetooth traces, WiFi traces, keystrokes, screen touch events, financial transactions

Biometrics (face and fingerprint recognition), and behavioural patterns such as pattern for location, speed, distance, device and user interactions, device holding, screen touch, swipe, gestures, typing behaviour and financial transaction patterns.

Legitimate Interests. This information is required to provide continuous authentication and risk assessment through the Quadible behavioural authentication solution (“App”).

As long as the user keeps the account at our platform. At any point the user can opt out and delete the account including the data and knowledge collected.

Mobile Banking Demo (Solution)

Biometrics (face, fingerprint), GPS, accelerometer, gyroscope, magnetic field, Bluetooth traces, WiFi traces, keystrokes, screen touch events, financial transactions

Biometrics (face and fingerprint recognition), and behavioural patterns such as pattern for location, speed, distance, device and user interactions, device holding, screen touch, swipe, gestures, typing behaviour and financial transaction patterns.

Legitimate Interests. This information is required to showcase through a demo app the continuous behavioural authentication offered by Quadible.

As long as the user keeps the account at our platform. At any point the user can opt out and delete the account including the data and knowledge collected.

5.            How do we store your data?

5.1. Quadible takes the appropriate measures to protect and store your data securely through our Services.

5.2. The App securely stores your data at a Netherlands-based (NL)  cloud infrastructure as long as you maintain an account. At any point, you have the ability to stop the data collection as well as to delete any data collected and knowledge extracted. The data collected at the mobile device level are encrypted at the collection point, transmitted through an encrypted channel to our platform where they are stored at encrypted infrastructure.

5.3. The Sites securely stores your data in Europe and may sometimes store your data outside the European Economic Area (EEA), such as when our service providers are located outside the EEA or if you are based outside the EEA. It should be noted that, data protection laws for countries outside the EEA are not in the EEA and United Kingdom. The non-EEA data transfer may take place in cases where the Privacy Shield is applicable if the data are transferred to the United States or if the non-EEA country has been approved by the European Commission as having the appropriate level of protection.

5.4. The App collects biometric and behavioural data (See the Table in Section 4). The sensor data are anonymised at the device level and in particular the following sensitive information Wi-Fi MAC Addresses and Bluetooth MAC Addresses. For the transactional patterns, trusted beneficiaries are anonymised by the third-party organisation (e.g. bank app that hosts the Quadible solution) before provided to the Quadible solution, so the solution does not have access to the actual bank account number.

5.5. No raw biometric data are stored such as images (face, fingerprint) or voice recordings. Biometric profile is a sequence of numbers that does not allow rebuilding of the initial image. The biometric profiles are stored at the platform, where data anonymisation techniques are applied before storing, making the biometric profiles revocable in case of a breach.

6.             How long do we keep your data?

6.1 We will keep your personal data as long as you maintain an account at our Services. At any point, you can delete your account. We may also retain aggregate information beyond this time for research purposes and to help us improve and develop further our Services. We will keep records if required to do so by law.

6.2 We will not retain your data for longer than necessary for the purposes set out in this policy.  Different retention periods apply for different types of data.  If you would like to know the retention period for a specific type of data please contact our Data Protection Officer at dpo@quadible.co.uk

6.3 The biometric profiles and the behavioural data (Section 4, columns Personal Data and Extracted Knowledge) are used only to authenticate the user at a particular system, and are kept until the user’s account is deleted or the organisation that the user belongs to is deleted. Data such as the image of a user are not stored by the App and are kept only until the extraction of the biometric profile is completed and then the images are deleted. Data such as the Bluetooth/Wifi MAC addresses and the account beneficiary of a transaction are immediately converted into hashes and then the raw data are deleted.

7.            Marketing

7.1. In the future, Quadible would like to send you information about products and services that we think you might like as well as those of our partner companies.

8.            What are your data protection rights?

8.1 Subject to applicable law including relevant data protection laws, you may have a number of rights in connection with the processing of your personal data, including:

  • The right to be informed about the collection and the use of your personal data. This means we must inform you how we are going to use your personal data. We do this through this privacy policy and by informing you how your data will be used each time we collect it.
  • The right to access personal data and supplementary information including a copy of the data stored about you; in a structured, commonly used and machine-readable format and to have your personal data transferred to another controller, to the extent applicable by law. We must respond to your request within one month. To request access to your data please email dpo@quadible.co.uk
  • The right to have inaccurate personal data rectified, or completed if it is incomplete. If you think the data we hold on you is incorrect, tell us so we can put it right. You can do this through the contact form at our website https://www.quadible.co.uk/#contact
  • The right to erasure (to be forgotten) in certain circumstances. You have the right to request that we delete your data. We will do so, provided that we do not have a compelling reason for keeping it. To request this, please email dpo@quadible.co.uk
  • The right to restrict processing in certain circumstances. You can change your communication preferences by contacting us through the contact form at our website https://www.quadible.co.uk/#contact . For the App, to restrict processing for continuous authentication, you can login to your account and suppress the processing of your personal data.
  • The right to data portability, which allows the data subject to obtain and reuse their personal data for their own purposes across different services. To request this, please email dpo@quadible.co.uk
  • The right to object to processing in certain circumstances. You have the right to object to a) Direct marketing from Quadible or from third parties we have shared your data with for direct marketing purposes. You can opt out of direct marketing any time contacting us through the contact form at our website https://www.quadible.co.uk/#contact b) Any processing where our lawful basis is legitimate interest including the data processing for continuous authentication (App). If you would like to formally object to any of our legitimate interest processing please email dpo@quadible.co.uk You can also object processing for continuous authentication (App) through your account on the mobile app.
  • Rights in relation to automated decision making and profiling. You have the right to object to automated decision making and profiling regarding the App (continuous behavioural authentication). If you would like to object to processing, automated decision making and profiling, you can either login to your account and object or you can email us at dpo@quadible.co.uk
  • The right to withdraw consent at any time (where relevant)
  • The right to complain to the Information Commissioner. If you feel that Quadible has not addressed properly the personal information, you can complain at the Information Commissioner Office (See Section 16 below)
  • The right to lodge complaints regarding the processing of your personal data with the Information Commissioner’s Office or other relevant supervisory body.  Please see https://ico.org.uk/concerns/for how to do this.
  • If you would like to exercise any of the rights set out above, please: email or write to our Data Protection Officer;
  • let us have enough information to identify you, (e.g. your full name and any reference number used in communications with us; and
  • let us know what right you wish to exercise and the information to which your request relates.

9.            What are cookies?

  • Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies are useful because they allow a website to recognise a user’s device. You can find more information about cookies at: allaboutcookies.organd www.youronlinechoices.eu for a video about cookies visit https://www.google.com/policies/technologies/cookies/
  • Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences, and generally improve the user experience. They can also help to ensure that adverts you see online are more relevant to you and your interests.
  • The cookies used on this website have been categorised based on the categories found in the ICC UK Cookie guide.
  • A list of all the cookie types used on this website by category is set out below.
  • Strictly necessary cookies – these cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website. Without these cookies services you have asked for cannot be provided.
  • Performance cookies – these cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don’t collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how a website works.
  • Google Analytics – these cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. For further details visit:http://www.google.com/analytics/learn/privacy.html
  • Removal of cookies – you may refuse to accept cookies by activating the setting on your internet browser which allows you to refuse the setting of cookies. For more information about cookies including how to set your internet browser to reject cookies please go to allaboutcookies.org
  • To opt out of Google Analytics visit http://tools.google.com/dlpage/gaoptout

10.        How do we use cookies?

10.1 Quadible uses cookies in a range of ways to improve your experience on our website, including:

  • Keeping you signed in
  • Understanding how you use our website
  • Understand the demographic of people visiting our website
  • Performing analytics on the website visitors in order to improve our website and our App and better fit the needs of our customers.

11.        What types of cookies do we use?

11.1. There are several types of cookies. Our cookies, web beacons and similar technologies serve various purposes, but are generally essential to the functioning of our Sites, tools or messaging, helping us to improve the performance of the Services or to provide you extra functionality of the Services. In particular our Sites uses:

  • Strictly Essential cookies allow you to visit our Sites and navigate across the different pages with the appropriate security required especially for functionalities such as purchasing packages for the App.
  • Performance related cookies collect data related with your behaviour throughout the Sites on how you access different pages, which pages you visit and to inform us in case of an error while you are browsing our Sites. The data collected through these cookies cannot lead into person identification, the data are mainly related to statistics and the way the Sites are used.
  • Functionality cookies are used to provide you certain services or to remember previous settings you have defined in order to improve your visit.

12.        How to manage your cookies

12.1. Internet browsers provide the ability to users not to accept cookies however there is the risk that the Sites may not function properly because of the lack of cookies.

12.2. Particular settings on your browser allow blocking of cookies; in such case, certain features may not be functional. By default, our Sites create cookies once you access our Sites.

 
12.3. You have the ability to change your cookie settings through the ‘Options” or “Preferences” menu of your Internet browser. For more information please follow the links below.

12.4. If you wish to withdraw your consent at any time, you will need to delete your cookies using your Internet browser settings.

13.        Privacy policies of other websites

13.1 The Sites contains links to other websites. Our privacy policy applies only to our website, so if you click on a link to another website, you should read and understand their privacy policy. We are not responsible for any use of your personal data that is made by unconnected third party websites.

14.        Change to our privacy policy

14.1. Quadible keeps its privacy policy under regular review and places any updates on this web page. The privacy policy was last updated on 24 July 2019.

15.        How to contact us

  • Data controller and contact details
    • For the purposes of relevant data protection legislation, we are a controller of your personal data and as a controller we use the personal data we hold about you in accordance with this Privacy Notice.
    • If you need to contact us in connection with our processing of your personal data, then our contact details are:

Data Protection Officer, Quadible Ltd, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom;
dpo@quadible.co.uk ;
Telephone: +44 (0) 1483 688406.

16       How to contact the appropriate authorities

16.1. Should you wish to report a complaint or if you feel Quadible has not addressed your concern in a satisfactory manner, you may contact the Information Commissioner’s Office.
Website: https://ico.org.uk/make-a-complaint/
Email: casework@ico.org.uk
Address: Information Commissioner’s Office,
Wycliffe House
Water Lane

Wilmslow
Cheshire
SK9 5AF