Effective Date: April 13, 2020
Please note: this Policy applies to Internet Original Documents, Inc. Inc. and its subsidiaries, including DIRO LABS Ltd (collectively, “DIRO”, “we”, “our”, and “us”). To determine the relevant DIRO entity that is responsible for processing your information, please see the “Contacting DIRO” section below.
A quick note about DIRO
Our mission at DIRO is to empower you as an end-user to be able to own your credentials and share them with other service providers to enhance and multiply trust in the internet ecosystem. DIRO lets you create original documents from any global data source behind a private login that you would otherwise not be able to utilise and share with others.
About this Policy
Our goal with this Policy is to provide a simple and straightforward explanation of what information DIRO collects from and about end users (“End User Information”), and how we use and share that information. We value transparency and want to provide you with a clear and concise description of how we treat your End User Information.
Please note that this Policy only covers the information that DIRO collects, uses, and shares. It does not explain what developers do with any End User Information we provide to them (or any other information they may collect about you separately from DIRO). This Policy also does not cover any websites, products, or services provided by others. We encourage you to review the privacy policies or notices of developers or those third parties for information about their practices.
Our Data Practices
Information We Collect and Categories
As explained in greater detail below, DIRO has collected identifiers, commercial information, electronic network activity information, professional information, inferences, and other types of End User Information.
Information you provide. When you connect your financial accounts with a developer application or otherwise connect your financial accounts through DIRO, where applicable, we do not collect identifiers and login information required by the provider of your account, such as your username and password, or a security token. We only collect your phone number, email address to help verify your identity before connecting your financial accounts. When taking the screenshots, you give the developer and DIRO the authority to act on your behalf to access and transmit your End User Information from the relevant bank or other entity that provides your financial accounts (we’ll call them “financial product and service providers” in this Policy). You may also provide us with identifiers and other information, including your name, email address, and phone number, when you contact us or enter any such information on our websites.
Information we collect from your financial accounts. The information we receive from the global data sources varies depends on the specific DIRO screenshots you provide and developers use to power their applications, as well as the information made available by those providers. We may collect any types of identifiers, commercial information, and other personal information from the service providers based on the screenshot you take.
Information we receive about you from other sources. We also receive identifiers and commercial information about you directly from the relevant developer or other third parties, including our service providers, bank partners, and identity verification services. For example, developers may provide information such as your full name, email address, phone number, or information about your financial accounts and account transactions.
Inferences we derive from the data we collect. We may use the information we collect about you to derive inferences. For example, we may infer your location, your legal identity or the strength of your impersonation check from the information we have collected about you from other sources.
How We Use Your Information
We use your End User Information for a number of business and commercial purposes, including to operate, improve, and protect the services we provide, and to develop new services. More specifically, we use your End User Information:
Our Lawful Bases for Processing (EEA and UK End Users Only)
For individuals in the European Economic Area (“EEA”) or the United Kingdom (“UK”), our legal basis for processing your End User Information will depend on the information concerned and the context in which we collected or processed it. Generally, however, we will normally only collect and process End User Information where:
To the extent we rely on consent to collect and process End User Information, you have the right to withdraw your consent at any time per the instructions provided in this Policy.
How We Share Your Information
We share your End User Information for a number of business purposes:
We may collect, use, and share End User Information in an aggregated, de-identified, or anonymized manner (that does not identify you personally) for any purpose permitted under applicable law. This includes creating or using aggregated, de-identified, or anonymized data based on the collected information to develop new services and to facilitate research.
We do not sell or rent personal information that we collect.
Our Retention Practices
We retain End User Information for no longer than necessary to fulfill the purposes for which it was collected and used, as described in this Policy, unless a longer retention period is required or permitted under applicable law. As permitted under applicable law, even after you stop using an application or terminate your account with one or more developer, we may still retain your information (for example, if you still have an account with another developer). However, your information will only be processed as required by law or in accordance with this Policy.
Please refer to the “Your Data Protection Rights” section for options that may be available to you, including the right to request deletion of End User Information. You can also contact us about our data retention practices using the contact information below.
International Data Transfers
We operate internationally, and as a result, will transfer the information we collect about you across international borders, including from the EEA or UK to the United States, for processing and storage. To the extent that the information we collect about you is transferred from the EEA to territories/countries for which the EU Commission has not made a finding that the legal framework in that territory/country provides adequate protection for individuals’ rights and freedoms for their personal data, we will transfer such data consistent with applicable data protection laws, including through the use of the EU Commission-approved standard contractual clauses. You can ask for a copy of these standard contractual clauses by contacting as set out below.
Your Data Protection Rights
Under applicable law, and subject to limitations and exceptions provided by law, if you are located in the EEA or UK, and in certain other jurisdictions, you may have certain rights in relation to the End User Information collected about you and how it is used, including the right to:
Under the California Consumer Privacy Act (“CCPA”), and subject to certain limitations and exceptions, if you are a California resident, you may have the following rights with respect to End User Information we have collected about you that constitutes personal information under the CCPA:
To exercise your data protection rights, where applicable, you can submit a request using our online form (available here), or contact us as described in the “Contacting DIRO” section below. You may be required to provide additional information necessary to confirm your identity before we can respond to your request.
We will consider all such requests and provide our response within a reasonable period of time (and within any time period required by applicable law). Please note, however, that certain information may be exempt from such requests, for example if we need to keep the information to comply with our own legal obligations or to establish, exercise, or defend legal claims.
Changes To This Policy
We may update or change this Policy from time to time. If we make any updates or changes, we will post the new policy on DIRO’s website at https://diro.io/legal and update the effective date at the top of this Policy. We will also notify developers of any material changes in accordance with our developer agreements, as they are generally best positioned to notify their end users about such changes to this Policy, as appropriate.
If you have any questions or complaints about this Policy, or about our privacy practices generally, you can contact us at firstname.lastname@example.org