Please read this Privacy Notice to understand what personal data is collected or processed by us, and for what purposes it is used for, how we handle, collect, use, disclose and process personal data that you give us, or receive through third parties or that is in our possession.
ADVANCE.AI - A leading AI company that provides digital transformation, fraud prevention, risk management and process automation solutions for enterprise customers.
At ADVANCE.AI, we provide identification and verification services, credit assessment and/or risk profile. We are committed to protecting the privacy and security of the personal information that is collected as part of providing services to our customers. The purpose of this Privacy Notice is to help you understand how we use the personal information we collect to provide our services on behalf of our customers and build transparency and trust in our system and operations.
When we provide the various services to our customers, we are acting on their behalf as their service provider and data processor. Our services provide results to our customers who decide how to proceed with their user, this may be a decision to proceed, to reject the user or to ask for further follow-up actions. For additional information about how your specific data is being collected and used, please review the privacy policy of our customer who is providing you service using us.
For details about the information we collect on our websites and online platforms, including how we use cookies, please visit our Privacy Policy
We may update this Privacy Notice from time to time, so we recommend you check back on a periodic basis.
Information that we collect
To provide our Services, we collect certain information about you from our customers, who is our customers’ users. The exact information needed depends on the services being provided on behalf of our customer.
Our Services
Information Collected
Document checks: ADVANCE.AI document checks verify documents from across the globe by analysing an image or video of the document. Our system then extracts the information from the image or, if possible. Our models analyse the document which may include barcodes, QR codes, and security chips to verify the document is genuine and detect fraud.
Examples include name, document number, date of birth, nationality, type of document, issuing country, expiration date, and the image metadata associated with the image or video of the document
Facial Biometric Checks and Authentication: When providing biometric checks as part of our identity services, we may perform liveness detection, ask for a picture or video of a user’s face as well as the image or video of their identity document. By extracting and comparing numerical biometric data from facial scan data, ADVANCE.AI assesses whether the person in the photo or video is live and likely to be the same person pictured in the identity document. We will also look for signs of fraud, for example, by comparing the user with information about compromised identities that have been leaked or otherwise made publicly available. Where a customer has asked us to provide our authentication service, we maintain a facial image for each of our customer’s users. This image is updated and improved with each authentication attempt within retention periods as agreed with the customers and subject to any maximum retention periods specified in applicable laws. When authenticating a user, we will compare an image of the user with the image we have stored. If the features within two images match, the authentication is confirmed, and the stored image is updated.
Images and videos recordings of you and your identity document and the image metadata and biometric data, including facial scan data and numerical biometric data, extracted from such images and videos
Verification Services: ADVANCE.AI provides customers with data verification checks via a network of trusted data partners who have undergone appropriate due diligence check and our own internal checks. These checks enable customers to verify their users, detect fraud and comply with Anti-Money Laundering (AML) and Know Your Customer (KYC) requirements. We do this by comparing personal information provided by the customer or the user with information held by data providers or information extracted from documents, e.g., a electricity or telephone utility bill for proof of address checks. Our global network of data verification services varies depending on a user's location and includes multiple sources like voter and driving license registers, Social Security Administration and other government databases, consumer credit agencies, sanctions and Politically Exposed Persons (PEP) lists, mobile network providers etc. At the request of a customer, these services may be provided on an ongoing basis, for example where a customer’s regulatory obligations require ongoing monitoring against sanction and PEP lists
Information collected may include contact details such as postal address, email address, telephone number, social security number or other national identity number, information extracted from a document (e.g.; utility bill) that you upload or other information provided by the data partners. the information collected will vary depending on the availability of checks in your location and the identity services selected by ADVANCE.AI customers.
Fraud Detection and Credit Analytics: ADVANCE.AI leverages several different fraud detection capabilities. Some of which depend on the scope of the identity services selected by ADVANCE.AI customers, other fraud checks are applied across all of the above services. For example, ADVANCE.AI will analyse the metadata associated with the image or video of the document and user (such as whether any editing software can be detected) to assess the likelihood that the user is genuine. When using data to detect fraud or for credit analytics, including when we develop and improve these services, we will seek to minimize personal information and protect users’ privacy by pseudonymizing, de-identifying and aggregating where possible. ADVANCE.AI can help customers to determine whether a device, email address or phone number has previously been used in relation to suspected fraudulent activity, shows unusual usage patterns, has been manipulated or otherwise indicates that the user may not be genuine or have abnormal credit risk. At a customer’s request, ADVANCE.AI and our data providers may collect ‘passive signals’ from the customer (for example mobile number or email address) or a user’s device as they engage with the customer’s website or app or Advance.AI Services. Such information may include device identifiers, IP address, information about the device (for example the operating system used, whether the device is providing false randomized device and network information or has otherwise been compromised) and how the user interacts with it. Together this information helps ADVANCE.AI, and our data providers assess the likelihood of you being a genuine user, assign a risk score and infer certain information such as your broad geographical location from your IP address. In some cases, we may also further check whether we have previously verified a user on behalf of a specific customer by comparing the information submitted as part of one of the above checks (including biometric checks) to a pseudonymized or de-identified version of information we have previously verified for that customer. This helps our customer not only verify users’ identities but further protects them and their users from fraud by helping customers understand when a user may be generating multiple identities, editing and tampering with documents or manipulating device or network information
Information may include mobile number, email address, IP address, device details including device identifiers and other information about your device and how you are interacting with our Identity Services (for example we may collect information about the upload time, which version of our software was used, the device name and model used to capture any images and whether there are any indicators that the device has been tampered with or emulated), user behavioural information, credit risk signal, default risk signal. We may also analyse how you are interacting with your device to assess the likelihood of you being a genuine user, the level of credit risk and who you say you are, for example fraudsters will cut and paste large volumes of information from their clipboard, use this functionality multiple times and otherwise navigate between applications on their device very differently from a genuine user. ADVANCE.AI and our data providers may also use such information to infer other information about you, for example your broad geographical location from your IP address, or to calculate an identity risk score to assist customers in determining whether you are a genuine user.
Other Information we may collect
We keep logs of how our customers, users, and data providers interact with our Services for complying with ADVANCE.AI and our customers’ legal and regulatory obligations, to monitor the security and performance of and to improve the Services. This might include timestamps of when the information was submitted to Advance.AI, the method used to upload information and information about the device used to submit that information. We will pseudonymize, aggregate and/or de-identify information for statistical analysis and business insight reporting.
Automated Processing
When we verify an identity or carry out a check on behalf of a customer, we perform automated processing and provide the output to that customer. The output is generated from the different machine learning models and/or human powered processes that are used to verify an identity or perform a check. You can find an accurate and up to date list of products on our website used by customers’ that have integrated or will be integrating with us.
By providing our customers with these details, our aim is to empower our customers to make informed decisions about users.
Using Information for our Services
At ADVANCE.AI, our vision is to enable our customers in their digital transformation, fraud prevention, risk management, and process automation. To do this, provided we have the permission of our customers, and it is not prohibited by applicable law, we use the information we collect to improve and develop our Products and Services. This includes building and improving algorithms and developing and testing new products and services to better verify a user’s identity and/or detect fraud.
As part of this work, we train our models to recognize specific patterns in information and make predictions about new sets of information based on those patterns. We’ve gathered a substantial and unique set of data across various countries that we operate and provide our product and services, from which we can train our machine learning models to locate and extract the information in documents, to detect fraud, and to engage in verification.
We also train our team to perform those tasks so they can assist when our machine learning models aren’t best suited for the task or are still learning. Sometimes, we’ll also re-run and re-submit checks to ensure our Services are working properly, particularly when testing a new feature or service for quality checks. Together, these developments help make ADVANCE.AI Services stronger and safer for all customers and users.
Where we are using information to further develop our Product and Services, we do so on the basis that the processing is necessary for the legitimate interest of the customer and Advance.AI and, where we use special category data, for reasons of substantial public interest. Such interests include measuring and mitigating algorithmic bias with a view to providing fair and inclusive Product and Services, which effectively detect fraud, and are balanced against the rights and freedoms of users. To safeguard the rights and freedoms of users, ADVANCE.AI has implemented specific measures, including anonymisation, where possible, impact assessments and strict security controls to safeguard the fundamental rights and the interests of the users.
Sharing Information Outside ADVANCE.AI
As well as sharing information with customers, business partners, users, and data providers, ADVANCE.AI shares information:
- With our group entities for the purposes of providing the services and supporting the business.
- With external parties that are performing tasks on our behalf (including service providers for example data analytics providers that help us to analyse trends and provide market insights using the data that we and they hold, information technology and related infrastructure providers, audit and professional service providers).
- With credit reporting bodies or entities that have license to provide credit scores.
- As part of a business transfer. ADVANCE.AI may disclose your personal information to an actual or potential buyer, investor or partner (and its agents and advisers) in relation to any actual or proposed divestiture, merger, acquisition, joint venture, bankruptcy, dissolution, reorganization, or any other similar transaction or proceeding;
- To comply with laws. ADVANCE.AI may disclose your personal information to any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person; and
Whenever legally possible, we seek to protect the information we share by imposing contractual privacy and security safeguards on the recipient of the information. This is particularly important in cases where the recipient is located in a country that has different or lesser privacy laws than those of the country where the information was originally collected. In some cases, however, it’s not possible for us to do so — for example, when we have a legal obligation to disclose information to a government authority and that government authority isn’t willing to enter into such contractual safeguards.
Information Security
Security of your personal information is important to us. We take appropriate action to protect personal information from loss, misuse, unauthorised access or disclosure, alteration or destruction using the same safeguards as we use for our own proprietary information. All information you provide to us is stored on secure servers.
We will put in place measures such that your personal information in our possession or under our control is destroyed and/or anonymized as soon as it is reasonable to assume that (a) the purpose for which that personal information was collected is no longer being served by the retention of such personal information; and (b) retention is no longer necessary for any other legal or business purposes or as per our contractual requirements.
Storage of Data
ADVANCE.AI takes privacy seriously and is continually looking at ways to manage and mitigate data protection and security risks, including by minimizing the data we hold. Where possible we anonymise, aggregate and de-identify information to protect users’ privacy and reduce security risks.
We perform our Services on behalf of our customers for a variety of different reasons. Those reasons are identified by our customers, and we rely on them to tell us when they no longer need us to store the information we’ve collected on their behalf, subject to maximum retention periods imposed by applicable laws, defined by data providers or by ADVANCE.AI. If you, as a user, would like to make a specific request to have your information deleted, please make that request directly to our customer that carried out your related check. For more information about how to do this, please see below under “Data Subject Rights”.
Data Subject Rights
Depending on your location and subject to applicable data protection law, you may have the following rights:
- the right to request access to and disclosure of information that we hold.
- the right to change and/or correct inaccurate information.
- the right to object to our processing of your information where we are relying on a legitimate interest (or those of a third party) and you feel such processing impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- the right to request that we delete your personal information, subject to certain exceptions.
- the right to request portability of your personal information. We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format.
- the right to withdraw your consent, if applicable. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
If you would like to exercise any of the rights set out above, please contact the relevant customer that carried out your related check. Alternatively, you may contact ADVANCE.AI at DPO@advance.ai. Please be aware, for most requests ADVANCE.AI will need to notify the relevant customer so the customer may fulfil the request. This is necessary where ADVANCE.AI is acting on the customer’s behalf or Data Processor.
If you have any questions or concerns about how we use your personal information, please do not hesitate to let us know.
Enquiries
For any enquiries on this Privacy Notice, please reach out to:
Group Data Protection Officer
Email: DPO@advance.ai
We regularly review this privacy notice, and you will be notified of any significant changes to this privacy notice.
Last updated: 20 December,2022