Effective date: 19 February 2021
We are Boku Identity, Inc. of 735 Battery Street, 2nd floor, San Francisco, CA 94111, United States.
We provide mobile identity services for use by merchant and enterprise customers (“Merchants”). When you use our services, you trust us with your personal information. We are committed to maintaining that trust and want to provide transparency about how we protect, collect, use and share the personal information you share with us. and to assist you in exercising the privacy rights available to you.
This privacy notice applies to personal information processed by us in the course of our direct business-to-business relationship with our Merchants and other individuals we may directly interact with, including on our website and our related online and offline offerings. To make this privacy notice easier to read, our website and our related offerings are collectively called the “Services.”
3. Personal Data Collected
The categories of personal information we collect depend on how you interact with our Services.
Information You Provide to Us
Your Communications with Us. We collect personal information from you such as email address, phone number, or mailing address when you request information about our Services, register for our Services.
Customer Service and Support. If you call or otherwise interact with Boku Identity’s customer service and support, we may collect the information you provide to our representatives.
Conferences, Trade Shows, and Other Events. We may attend conferences, trade shows, and other events where we collect personal information from individuals who interact with or express an interest in Boku Identity and/or the Services. If you provide us with any information at one of these events, we will use it for the purposes for which it was collected.
Product Demonstrations. If you participate in a Boku Identity product demonstration (e.g., as a prospective Merchant of the Mobile ID Services), you will be asked for consent to access and use your personal information for the demonstration, including your mobile phone location, obtained from your mobile carrier. The information obtained during product demonstrations is only used for the purpose of performing the product demonstration.
Business Development and Strategic Partnerships. We may collect personal information from individuals and third parties to assess and pursue potential business opportunities.
Information Collected Automatically
Automatic Data Collection. We may collect certain information automatically when you use the Services. This information may include your Internet protocol (IP) address, user settings, MAC address, cookie identifiers, mobile advertising and other unique identifiers, details about your browser, operating system or device, location information (including inferred location based off of your IP address), Internet service provider, mobile carrier, pages that you visit before, during and after using the Services, information about the links you click, information about how you interact with the Services, including the frequency and duration of your activities, and other information about how you use the Services. Information we collect may be associated with accounts and other devices.
- Cookies. Cookies are small text files placed in device browsers to store their preferences. Most browsers allow you to block and delete cookies. However, if you do that, the Services may not work properly.
- Pixel Tags/Web Beacons. A pixel tag (also known as a web beacon) is a piece of code embedded in the Services that collects information about engagement on the Services. The use of a pixel tag allows us to record, for example, that a user has visited a particular web page or clicked on a particular advertisement. We may also include web beacons in e-mails to understand whether messages have been opened, acted on, or forwarded.
4. How we use this data
Boku Identity is committed to ensuring the information we obtain and use about you is processed in accordance with its intended purpose. We use your personal information for a variety of business purposes, including:
To Provide the Services or Information Requested, such as:
- Responding to questions, comments, and other requests;
- Providing access to certain areas, functionalities, and features of our Services; and
- Answering requests for customer or technical support.
Administrative Purposes, such as:
- Pursuing legitimate interests, such as direct marketing, research and development (including marketing research), network and information security, and fraud prevention;
- Measuring interest and engagement in our Services;
- Improving the Services;
- Developing new products and services;
- Ensuring internal quality control and safety;
- Carrying out audits;
- Preventing and prosecuting potentially prohibited or illegal activities;
- Enforcing our agreements; and
- Complying with our legal obligations.
Marketing Our Products and Services. With prior notice to you, we may use personal information to tailor and provide you with content and advertisements. We may provide you with these materials as permitted by applicable law.
If you have any questions about our marketing practices or if you would like to opt out of the use of your personal information for marketing purposes, you may contact us at any time as set forth below.
Consent. We may use personal information for other purposes that are clearly disclosed to you at the time you provide personal information or with your consent.
De-identified and Aggregated Information Use. We may use personal information and other data about you to create de-identified and/or aggregated information, such as de-identified demographic information, de-identified location information, information about the device from which you access our Services, or other analyses we create. De-identified and/or aggregated information is not personal information, and we may use and disclose such information in a number of ways, including research, internal analysis, analytics, and any other legally permissible purposes.
- Operationally Necessary. This includes Technologies that allow you access to our Services, applications, and tools that are required to identify irregular site behavior, prevent fraudulent activity and improve security or that allow you to make use of our functionality;
- Performance Related. We may use Technologies to assess the performance of our Services, including as part of our analytic practices to help us understand how our visitors use the Services;
- Functionality Related. We may use Technologies that allow us to offer you enhanced functionality when accessing or using our Services. This may include identifying you when you sign into our Services or keeping track of your specified preferences, interests, or past items viewed;
- Advertising or Targeting Related. We may use first party or third-party Technologies to deliver content, including ads relevant to your interests, on our Services or on third party sites.
5. How your data is shared
We will not sell, rent, or lease your personal information. We may however share the information you share with us, for the purposes identified above, with the following parties:
Service Providers. We may share any personal information we collect about you with our third-party service providers. The categories of service providers to whom we entrust personal information include service providers for:
- the provision of the Services;
- the provision of information, products, and other services you have requested;
- marketing and advertising;
- payment and transaction processing;
- customer service activities;
- the provision of IT and related services.
Business Partners. We may provide personal information to business partners to provide you with a product or service you have requested. We may also provide personal information to business partners with whom we jointly offer products or services.
Affiliates. We may share personal information with our affiliated entities.
APIs and Software Development Kits. We may use third party APIs and software development kits (“SDKs”) as part of the functionality of our Services. APIs and SDKs may allow third parties including advertising partners to collect your personal information in order to provide content that is more relevant to you. For more information about our use of APIs and SDKs, please contact us as set forth below.
Disclosures to Protect Us or Others. We may access, preserve, and disclose any information we store in association with you to external parties if we, in good faith, believe doing so is required or appropriate to: (i) comply with law enforcement or national security requests and legal process, such as a court order or subpoena; (ii) protect your, our, or others’ rights, property, or safety; (iii) enforce our policies or contracts; (iv) collect amounts owed to us; or (v) assist with an investigation and prosecution of suspected or actual illegal activity.
Disclosure in the Event of Merger, Sale, or Other Asset Transfer. If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, then your information may be sold or transferred as part of such a transaction, as permitted by law and/or contract.
6. How your data is retained and protected
By using the Services or providing personal information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Services. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on the Services, by mail or by sending an email to you.
Preventing Identity Theft
Boku Identity is dedicated to protecting your personal information. We will never initiate a request for personal information from you by fax or email.
Please do not send confidential personal information such as Social Security Numbers, government identification numbers, or account numbers to Boku Identity via an unsecured email message. You may send confidential information to Boku Identity via posted mail, phone or contact us at email@example.com.
Do not be misled by emails that appear to be from us and ask for personal information. If you receive a suspicious email requesting your personal information, please forward the email immediately to firstname.lastname@example.org. To report fraud to the Internet Fraud Complaint Center, visit www.ic3.gov. This is a partnership between The FBI and the National White Collar Crime Center.
Third Party Websites/ Application
The Services may contain links to other websites/applications and other websites/applications may reference or link to our Services. These third-party services are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Visiting these other websites or applications is at your own risk.
7. Your rights and your choices about your information
Boku Identity is committed to collecting and retaining the personal information you provide to us in accordance with your wishes and as permitted or required by law.
You may have the right to object to or opt out of certain uses of your personal information.
“Do Not Track”
Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
Cookies and Interest-Based Advertising
You may stop or restrict the placement of Technologies on your device or remove them by adjusting your preferences as your browser or device permits. Please note that cookie-based opt-outs are not effective on mobile applications. However, you may opt-out of personalized advertisements on some mobile applications by following the instructions here: https://www.networkadvertising.org/mobile-choice.
The online advertising industry also provides websites from which you may opt out of receiving targeted ads from data partners and other advertising partners that participate in self-regulatory programs. You can access these websites and learn more about targeted advertising and consumer choice and privacy, at www.networkadvertising.org/managing/opt_out.asp, http://www.youronlinechoices.eu/, https://youradchoices.ca/choices/, and www.aboutads.info/choices/.
Please note you must separately opt out in each browser and on each device.
For purposes of the California Consumer Privacy Act, we do not “sell” your personal information.
In accordance with applicable law, you may have the right to: (i) request confirmation of whether we are processing your personal information; (ii) obtain access to or a copy of your personal information; (iii) receive an electronic copy of personal information that you have provided to us, or ask us to send that information to another company (the “right of data portability”); (iv) restrict our uses of your personal information; (v) seek correction or amendment of inaccurate, untrue, incomplete, or improperly processed personal information; (vi) withdraw your consent and (vii) request erasure of personal information held about you by us, subject to certain exceptions prescribed by law. If you would like to exercise any of these rights, please contact us as set forth below.
We will process such requests in accordance with applicable laws. To protect your privacy, we will take steps to verify your identity before fulfilling your request.
If you are a California resident, you have the right not to receive discriminatory treatment by Boku Identity for the exercise of your rights conferred by the California Consumer Privacy Act.
8. Use by children
The Services are not directed to children under 13 (or other age as required by local law), and we do not knowingly collect personal information from children. If you learn that your child has provided us with personal information without your consent, you may contact us as set forth below. If we learn that we have collected a child’s personal information in violation of applicable law, we will promptly take steps to delete such information and terminate the child’s account.
9. Global operations
All information processed by us may be transferred, processed, and stored anywhere in the world, including but not limited to, the United States or other countries, which may have data protection laws that are different from the laws where you live. We endeavor to safeguard your information consistent with the requirements of applicable laws.
If you are based in the EEA or the United Kingdom, when you use the Boku Identity services, you authorise us to transfer, store, and process your information in the following territories:
- any country within the EEA; and / or
- any county outside the EEA:
(a) which is on the European Commission’s list of approved territories as providing adequate data protection for the rights and freedoms of individuals;
(b) where Boku Identity has ensured appropriate safeguards via the Standard Contractual Clauses or with such third parties for the transfer of your personal information in compliance with such organisational and technological safeguards as are necessary to protect your privacy.
Standard Contractual Clauses
The European Commission has approved the use of Standard Contractual Clauses as a means of ensuring adequate protection when data is transferred outside of the EEA to third countries that have not been approved via an adequacy decision from the European Commission. Through the use of the Standard Contractual Clauses, data which is transferred to third countries will be protected when transferred outside the EEA or the United Kingdom. Boku Identity relies on the Standard Contractual Clauses for any transfers to third party countries that have not been approved via an adequacy decision from the European Commission such as the United States and by using the Boku Identity services you agree to that reliance.
EU – U.S. PRIVACY SHIELD AND SWISS – U.S. PRIVACY SHIELD
Boku Identity complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (“Privacy Shield”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and the United Kingdom and/or Switzerland to the United States in reliance on Privacy Shield.
Boku Identity has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield Framework, and to view our certification, please visit the U.S. Department of Commerce’s Privacy Shield List.
Boku Identity is responsible for the processing of personal information shared with third-parties under the Privacy Shield Framework unless it can be established that we are not responsible for the event giving rise to the claim. With respect to personal information received or transferred pursuant to the Privacy Shield Framework, Boku Identity is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission (“FTC”).
If you have any questions or concerns related to our Privacy Shield certification or to resolve any complaints about our collection or use of your personal information, you should first contact us Boku Identity using the information provided below.
Boku Identity has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning personal information transferred from the EU and Switzerland to the United States. The independent recourse mechanism for Privacy Shield complaints for EU and Swiss individuals can be found here:
- EU Data Protection Authorities (DPAs)
- Swiss Federal Data Protection and Information Commissioner (FDPIC)
Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution options do not satisfactorily resolve your concerns.
Following the Schrems II judgment on 16 July 2020, Boku Identity no longer relies on the Privacy Shield Framework for transfers of personal data from the EEA or the United Kingdom to the United States.
10. Who to contact
If you are not a resident of the EEA, Switzerland or the United Kingdom, please write to:
Data Protection Officer
Boku Identity, Inc.
735 Battery Street, 2nd floor,
San Francisco CA 94111
If you are a resident of the EEA or Switzerland, please write to:
Data Protection Officer
Boku Identity, Inc.
Boku Mobile Solutions Ireland Limited
2nd Floor 1-2 Victoria Buildings
Republic of Ireland
If you are a resident of the United Kingdom, please write to:
Data Protection Officer
Boku Identity, Inc.
Boku Network Services UK Ltd
2nd floor, 9 Orange Street,
London, WC2H 7EA
11. The right to complain
If you are located in the European Economic Area, Switzerland or the United Kingdom, you have the right to lodge a complaint with the relevant supervisory authority if you believe our processing of your personal information violates applicable law.
12. Policy amendments
This website will always contain our current Privacy Notice. If we decide to change our privacy practices, we will post those changes to this Privacy Notice and other places we deem appropriate.