Privacy policy

This Privacy Policy describes how UNICOTECH USA, INC., headquartered at 1209 Orange Street, Wilmington, New Castle County, Delaware 19801, United States of America (“Unico” “we,” “our” or “us”) collects, uses, and discloses personal information about you and your data privacy rights. Personal information is sometimes also referred to as personal data, personally identifiable information, or other like terms that mean any information that directly or indirectly identifies you or is reasonably capable of being associated with you or your household. This Privacy Policy applies to personal information we collect online and offline, such as when you use our website, application, identity verification services, conduct business dealings with us, or otherwise interact with us (collectively, our “Services”). We also describe in this Privacy Policy our handling of “sensitive” personal information or data, which are subject to additional protections under applicable data privacy laws.

Please note that this Privacy Policy is directed at individuals residing and using the Services in the United States. We may provide different or additional notices of our privacy practices with respect to other personal information collection practices not within the scope of this Privacy Policy, in which case this Privacy Policy will not apply. This may include if you reside outside the United States or use other services not within scope of the Services.

We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of this Privacy Policy. We may also provide you with an additional notice in connection with making material changes to this Privacy Policy. We encourage you to review this Privacy Policy regularly to stay informed about our information practices and the choices available to you.

I. Notice at collection

This Notice at Collection describes how we collect, use, and disclose personal information.

A. Collection of Personal Information

1. Personal Information You Provide to Us

We collect personal information you provide directly to us. For example, we collect personal information directly from you when you sign up for our identity verification services, register to use our application, or conduct business dealings with us. The types of personal information that we may collect directly from you include the following:

• Information About Yourself: We collect certain identifiers and information about you, such as name, phone number, date of birth, gender, marital status, business name, email address, date of birth, postal address, and other similar identifiers.

• Financial and Transactional Information: We collect payment and other financial information, and information regarding the products or services you purchased, obtained, or considered, and your purchasing or consuming histories or tendencies.

• Professional or Employment-Related Information: We collect information regarding the company you work for and your title.

• Sensitive Personal Information or Data: We also collect certain personal information that is considered sensitive under privacy laws. This includes precise geolocation, Social Security number, driver’s license or state identification number, account login information, financial account, debit card, or credit card information, nationality, and facial recognition data, which is called biometric identifier, data, or information under applicable law (referred to hereafter as, “biometric information”). Where required by law, we will obtain your consent before processing your sensitive personal information. We will also only use your sensitive personal information for limited purposes, such as to provide the goods or services you requested; prevent, detect, and investigate security incidents; resist malicious, deceptive, fraudulent, or illegal actions and prosecute those responsible; verify or maintain the quality or safety of a product, service or device; and ensure physical safety of natural persons. If you have any questions about our handling of sensitive personal information or to withdraw your consent, please contact us at privacy.us@unico.io. We will honor your right to withdraw consent within 15 days.

2. Personal Information We Collect Automatically

We automatically collect certain personal information about your interactions with us or our Services, including:

• Activity Information: We collect information about your activity on our Services, such as when you use our application for identity verification.

• Device and Usage Information: We collect information about how you access our Services, including data about the device and network you use, such as your hardware model, operating system version, mobile network, IP address, unique device identifiers, browser type, and app version. We also collect information about your activity on our Services, such as access times, pages viewed, links clicked, and the page you visited before navigating to our Services.

• Information Collected by Cookies and Similar Tracking Technologies: We and others that control collection of personal information use tracking technologies, such as cookies, to collect information about you. Cookies are small data files stored on your hard drive or in device memory that help our online services function, improve our Services and your experience, see which areas and features of our Services are popular, and count visits. For more information about cookies and how to disable them, see Your Choices in Section III below.

Please note that some browsers have incorporated “Do Not Track” features. Most of these features, when turned on, send a signal or preference to the websites you visit indicating that you do not wish to be tracked. Because there is not yet a common understanding of how to interpret the do not track signal, we currently do not respond to the browser do not track signals.

3. Personal Information We Collect from Other Sources

We obtain personal information from other sources. For example, in order to verify your identity, we may collect information about you from identity verification companies and/or government records.

We may receive your phone number from our client, the company you are transacting with. This company is responsible for collecting your phone number in accordance with the applicable laws. We will use this data to send you a text message with a link to start our identity verification services.

4. Personal Information We Derive

We may derive personal information or draw inferences about you based on the information we collect. For example, we may infer your identity based on your device usage data, precise geolocation, or biometric information.

B. Purpose and Use of Personal Information

We may use the categories of personal information identified in Collection of Personal Information in Section I. A above for the following purposes:

• Provide, maintain, and improve our Services;

• Conduct business dealings with our partners, service providers, contractors, or processors;

• Process transactions and send you related information, including confirmations, receipts, invoices, and customer experience surveys;

• Personalize and improve your experience on our Services;

• Send you technical notices, security alerts, and support and administrative messages;

• Respond to your comments and questions and provide customer service;

• Communicate with you about products, services, and events offered by Unico and others and provide news and information that we think will interest you (see Your choices in Section III below for information about how to opt out of these communications at any time);

• Monitor and analyze trends, usage, and activities in connection with our Services;

• Detect, investigate, and prevent security incidents and other malicious, deceptive, fraudulent, or illegal activity and protect the rights and property of Unico and others;

• Debug to identify and repair errors in our Services;

• Comply with our legal and financial obligations; and

• Carry out any other purpose described to you at the time the information was collected.

C. Disclosure of Personal Information

We may disclose your personal information in the following circumstances or as otherwise described in this Privacy Policy. To learn more about the categories of personal information and sensitive personal information we may disclose and the categories of recipients, please see Summary of categories of personal information collected and disclosed, including in the prior 12 months in Section V below, which describes our prior 12 months and going forward personal information disclosure practices.

• Our Service Providers, Contractors, and Processors: We may disclose your personal information to service providers, contractors, and processors who provide services to us, such as cloud storage, government records, identity verification, messaging and other technical services.

• Sale or Sharing of Personal Information: We do not sell your personal information or share your personal information for targeted advertising, and have not done so in the prior 12 months. We also do not knowingly sell or share the personal information of children under the age of 16, and have not done so in the prior 12 months.

• Legal Disclosures: We may disclose personal information if we believe that disclosure is in accordance with, or required by, any applicable law or legal process, including lawful requests by public authorities to meet national security or law enforcement requirements. We may also disclose personal information if we believe that your actions are inconsistent with our user agreements or policies, if we believe that you have violated the law, or if we believe it is necessary to protect the rights, property, and safety of Unico, our users, the public, or others.

• Disclosed to Advisors and Lawyers: We may disclose personal information to our lawyers and other professional advisors where necessary to obtain advice or otherwise protect and manage our business interests.

• Disclosed During Change of Ownership: We may disclose personal information in connection with, or during negotiations concerning, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.

• Among Our Family of Companies: Personal information may be disclosed between and among Unico and our current and future parents, affiliates, and subsidiaries and other companies under common control and ownership.

• With Your Consent: We may disclose personal information with your consent or at your direction.

• Disclosure of Non-Personal Information: We may also use and disclose aggregated or de-identified information that cannot reasonably be used to identify you. When doing so, we publicly commit to maintain and use the information in an aggregated or de-identified form and not attempt to re-identify the information, unless permitted or required by law.

D. Retention of Personal Information

We store personal information for as long as necessary to carry out the purposes for which we originally collected it and for other legitimate business purposes, including to meet our legal, regulatory, or other compliance obligations. Specifically, Unico deletes biometric information in accordance with legal requirements under biometric laws. For example, for residents in Texas, Illinois, and Colorado, Unico follows the following retention schedule, unless permitted or required to retain the data for a longer or shorter period of time:

• Texas: We will destroy biometric information within a reasonable time following capture, but no later than 1 year after the purpose of its collection has expired.

• Illinois: We will destroy biometric information when the initial purpose of collecting or obtaining such data has been satisfied or within 1 year* of your last interaction with us, whichever occurs first.

• Colorado: We will destroy biometric information on or before the earliest of: (1) the date upon which the initial purpose for collecting the data has been satisfied; (2) 1 year* after your last interaction with us; or (3) 45 days (or up to 90 days if an extension is reasonably necessary) after Unico determines that storage of the information is no longer necessary, adequate, or relevant to the express processing purpose identified.

The one year period is an internal Unico policy. Depending on the state, there may be laws that allow for a longer period.

Unico will otherwise maintain personal information by assessing how long it needs to keep the information based on the following criteria: (1) your continued interest or use of our Services; (2) contractual obligations we are subject to; and (3) for defending or asserting legal claims.

II. Analytics

We allow others to provide analytics services on our behalf. These entities may use cookies, device identifiers, and other technologies to collect information about your use of our Services, including your IP address, web browser, mobile network information, pages viewed, time spent on pages or in mobile apps, links clicked, and conversion information. This information may be used by us to, among other things, analyze and track data, determine the popularity of certain content, and better understand your online activity.

III. Your choices

A. Cookies

Most web browsers are set to accept cookies by default. If you prefer, you can usually adjust your browser settings to remove or reject browser cookies. Please note that removing or rejecting cookies could affect the availability and functionality of our Services.

B. Communications Preferences

You may opt out of receiving text messages or promotional emails from Unico by following the instructions in those communications or by send us an e-mail to privacy.us@unico.io or managing your communication preferences in your account settings menu]. If you opt out, we may still send you non-promotional emails, such as those about your account or our ongoing business relations.

C. Mobile Push Notifications

With your consent, we may send push notifications to your mobile device. You can deactivate these messages at any time by changing the notification settings on your mobile device.

IV. Children

This website is not intended for or directed at children under the age of 18. In addition, we do not knowingly collect personal information from children under the age of 18. We also do not knowingly sell, share, use for targeted advertising, or disclose the personal information of children under the age of 18.

V. Summary of categories of personal information collected and disclosed, including in the prior 12 months

In the preceding 12 months, we have collected the categories of personal information set forth in the table below. For details about the precise data points we collect and the categories of sources of such collection, please see Collection of Personal Information in Section I. A above. We collect personal information for the business and commercial purposes described in Purpose and Use of Personal Information in Section I.B above. In the preceding 12 months, we have disclosed the following categories of personal information for business purposes to the following categories of recipients, which we also describe in greater detail in Disclosure of Personal Information in Section I.C above:

Our prior 12-month personal information handling practices are consistent with our current personal information handling practices described in Notice at collection in Section I.

VI. Automated Processing and Profiling

Unico provides identity verification services by collecting your biometric information, Social Security number, and location or precise geolocation data. For the identity verification process, users take a selfie photo of their face. Unico’s technology extracts a biometric hash of the user’s face based on the photo and compares it with a biometric hash of the user’s face from another source. Unico further uses your Social Security number to confirm your identity by matching it against information from third-party sources. We also use your location and precise geolocation data to confirm whether you are in a location that is affiliated with your identity. Through these data points, Unico’s technology will confirm or deny your identity.

The benefit of Unico’s identity verification service is that it provides a streamlined and automated process of confirming your identity through an application and helping prevent identity theft. However, the potential consequence is that our identity verification process is automated and does not have human review to verify the results. That said, we have tested our identity verification process for anomalies and whether external factors (e.g., lighting or device models) have an impact on results. Our testing revealed that the identity verification service produces accurate results under the circumstances. We also work to improve our product through continuous testing. Moreover, if you have any questions or concerns about the results of the identity verification service, you can contact us at privacy.us@unico.io.

Please note that in providing this service, Unico does not decide whether to provide or deny financial or lending services, housing, insurance, education enrollment or opportunity, criminal justice, employment opportunities, health-care services, or access to essential goods or services (“Legal or Other Similarly Significant Effects”). For this reason, Unico does not believe it needs to provide a right to opt out of profiling under applicable privacy laws. However, to the extent Unico’s identity verification services may lead to decisions by other companies that lead to Legal or Other Similarly Significant Effects, Unico provides individuals a right to opt out of our identity verification services by following the instructions in Section VII.B below.

VII. Your Privacy Rights

A. Privacy Rights That May Be Available

Data privacy laws afford consumers residing in the United States certain rights with respect to their personal information, subject to certain exceptions. Depending on your state of residence, you may be entitled to the rights below, subject to certain limitations:

• (1) Right to Delete. You have the right to request us to delete the personal information we have collected about you.

• (2) Right to Correct. You have the right to request us to correct inaccurate personal information we maintain about you.

• (3) Right to Confirm Processing, Know, and Access. You have the right to confirm whether we are processing your personal information and know and access the personal information we have collected about you, including the categories of personal information; the categories of sources from which the personal information is collected; the business or commercial purpose for collecting, selling, or sharing personal information; the categories of personal information and service providers, contractors, and third parties to whom we disclosed personal information; and the specific pieces of personal information we have collected about you. You have the right to receive this information in a format, to the extent technically feasible, that is portable, usable, and allows you to transmit the personal information to a person without impediment or hindrance.

• (4) Right to Access Biometric Information Details. You have the right to access the category or description of your biometric information; the source from which we collected the biometric information; the purpose for which we collected or processed the biometric information and any associated personal information; the identity of any third party to which we disclosed or disclose the biometric information and the purposes for disclosing; and the category or a description of the specific biometric information that we disclose to third parties.

• (5) List of Specific Third Parties. You have the right, at our option, to receive a list of the specific third parties, other than natural persons, to which we have disclosed either: (a) your personal information or (b) any personal information.

• (6) Right to Opt-Out of Profiling. You have the right to opt out of the processing of your personal information for profiling in furtherance of decisions that have Legal or Other Similarly Significant Effects on consumers. As noted above under Section VI, while Unico does not make such decisions, we will honor an individual’s request to opt out of our identity verification services.

• (7) Rights Related to Sharing for Targeted Advertising or Sale. We do not share your personal information for targeted advertising or sell your personal information. Please contact us below if you have any questions.

• (8) Rights Related to Sensitive Personal Information or Data. Data privacy laws may provide additional protection for sensitive personal information or data. Depending on applicable law, you may have the right to withdraw consent to processing sensitive personal information. Please note that we do not offer a right to limit use and disclosure of sensitive personal information under the California Consumer Privacy Act because we already use your sensitive personal information for permitted purposes, as noted in Section I.A.1 above.

• (9) Right to No Discrimination. You have the right not to be discriminated against for exercising any of your privacy rights. This includes us not: (a) denying you goods or services; (b) charging you different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties; (c) providing you a different level or quality of goods or services; (d) suggesting to you that you will receive a different price or rate for goods or services or a different level or quality of goods or services; and (e) retaliating against you for exercising your privacy rights.

• (10) Right to Appeal. If we decline to take action in response to your exercise of a privacy right, we will inform you of the reason for denying your request and provide you instructions on how to appeal the decision.

B. Instructions on How to Exercise Your Privacy Rights

You may exercise your privacy rights and withdraw consent (to the extent we are processing your personal information based on consent) by emailing us at privacy.us@unico.io. In some instances, we will need to verify your identity before honoring your privacy right request. We will verify your identity by asking you to provide personal information related to your recent interactions with us, such as the information you provided to us for identity verification purposes or to conduct business dealings with us. We will honor your privacy rights request within 45 calendar days of receipt, unless we request an extension as permitted by data privacy laws.

C. Appealing a Denial of a Privacy Right Request

You may appeal a denial of your privacy right requests by emailing us at privacy.us@unico.io. Within 45 days of receipt of an appeal, we will inform you in writing of any action taken in response to the appeal, including a written explanation of the reasons for the decisions. If we deny your appeal, you may submit a complaint to the Attorney General of your state.

D. Authorized Agents

If permitted or required by applicable law, you may exercise your privacy rights through an authorized agent (which may include a guardian or conservator). If we receive your request from an authorized agent, we may ask for evidence that you have provided such agent with a power of attorney or that the agent otherwise has valid written authority to submit requests to exercise rights on your behalf. If you are an authorized agent seeking to make a request, please contact us at privacy.us@unico.io.

E. Shine the Light Disclosure for California Residents

California law permits residents of California to request certain details about how their information is shared with third parties for direct marketing purposes. If you are a California resident and would like to make such a request, please contact us at privacy.us@unico.io.

VIII. Biometric Information Policy

This section constitutes Unico’s Biometric Information Policy and supplements the above Privacy Policy when Unico and/or its service providers process biometric information.

A. Purpose of Processing Biometric Information

Unico and/or our service providers pursuant to appropriate data sharing agreements, may collect, store, and use biometric information solely for the purpose of providing you with the identity verification services. To provide the identity verification services, users will access or download our application and take a selfie using the application. Unico will use that photo to derive facial identifiers.

B. Disclosure

Unico will not disclose or disseminate biometric information to anyone other than its service providers that process the data on Unico’s behalf in furtherance of Unico’s identity verification services to its users unless the following apply and if permitted under applicable law:

• We obtain your (and/or the legally authorized representative of the individual whose data is to be processed) consent to such disclosure or dissemination;

• The disclosed data completes a transaction that you requested or authorized;

• Disclosure is required by state or federal law or municipal ordinance; or

• Disclosure is required pursuant to a valid warrant or subpoena issued by a court of competent jurisdiction.

Service providers who assist Unico with its processes include those that provide cloud storage, government records, identity verification, messaging and other technical services.

C. Data Retention Schedule

Unico describes above under Section I.D. how long it retains biometric information. In the absence of an overriding legal duty to retain biometric information, Unico will permanently destroy such data within the retention period noted above.

D. Security and Notification of Incidents

Unico has taken reasonable measures designed to secure biometric information, during collection, use, and storage, from unauthorized acquisition. Unico’s data security practices are appropriate based on the volume, scope, and nature of the biometric information it processes and nature of our business. Unico also maintains an internal incident response plan in case there is a security incident involving biometric information, along with other forms of personal information. Under its response plan, if there is an incident that requires notification under the law, Unico will provide you notice based on the contact information we have in our records for you. If you suspect that your information may have been subject to a security incident, you may also inform Unico at privacy.us@unico.io and we will investigate the potential incident.

E. Consent

Unico will obtain your consent before collecting your biometric information. Individuals provide their consent when they use our application. You may withdraw your consent at any time by privacy.us@unico.io. We will honor your withdrawal of consent within 15 days.

IX. Contact us

If you have any questions about this Privacy Policy, please contact us at privacy.us@unico.io.