Five ID Privacy Policy
1. Introduction
This Privacy Policy explains how we collect, use, and protect your personal data when you use Five ID for biometric authentication and our Ancillary Services.
Five ID Limited is registered in England under company number 15793519, with its registered office at 6 Stannary Street, London, England, SE11 4AA. We act as the Data Controller for the personal data we process, except where specified otherwise.
If you wish to exercise your privacy rights, have any questions, suggestions, concerns or complaints please contact our Data Protection Officer by emailing dpo@five.id.
2. Information We Collect, Use, and Why
We provide systems and process personal data and special category personal data for the authentication of Five customers. Five ID integrates with various services ("Ancillary Services"), such as payment processing, to instruct payment processors to process payments for our customers. Five ID is the Data Controller for all personal data we process. Our customers are individuals who have signed up for our platform.
Information collected for authentication and fraud prevention purposes:
Palm Biometric Information: To verify your identity and prevent fraud.
Information collected for payment processing Ancillary Services:
Names and contact details: To identify and communicate with you.
Purchase or account history: To assess your transaction limits.
Account details (including card or bank information for transfers and direct debits): To process payments.
3. Lawful basis
Our lawful bases for collecting, processing and storing personal information to authenticate individual members and prevent fraud are:
Explicit Consent: When you provide it.
Contract: When processing is necessary for the performance of a contract with you.
Our lawful bases for collecting, processing and storing personal information to instruct payments from individuals:
Consent: When you provide it.
Contract: When processing is necessary for the performance of a contract with you.
4. Biometric Data Collection and Consent
During Onboarding:
We collect and store your palm biometric data when you create a Five ID account. You will be asked to provide explicit consent for this data collection which will be used for authentication and fraud prevention. If you enrol in payment processing services, this data will be linked to your payment details (e.g., bank account, credit or debit card).
During Authentication:
When you hover your palm over our terminal, we collect your palm biometric data. We compare this data against our stored data to authenticate your identity. We can only determine if a person is a customer post-authentication.
Therefore, by using our terminal for payment processing services, you consent to the collection and processing of your biometric data for the purpose of authentication and fraud prevention. We ensure clear signage and notifications near our terminals informing users of this requirement.
5. Sources of Personal Information
Directly from You: During account creation, authentication, or payment processing.
From Your Bank or Payment Provider: With your authorization, to process transactions.
6. Retention of Personal Information
We retain your personal information only for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
7. Who We Share Information With
Payment processors: To facilitate transactions we share the information collected to instruct payments.
Third-party service providers: We may use third-party service providers to help us operate our business. These providers are obligated to keep your information confidential.
We will only share your information outside the UK with appropriate safeguards in place, as required by the UK GDPR.
8. Sharing Information Outside the UK
Where necessary, we may transfer personal information outside of the UK. When doing so, we comply with the UK GDPR, ensuring appropriate safeguards are in place. Please contact us for more information.
9. Your data protection rights
Under data protection law, you have rights including:
Your right of access - You have the right to ask us for copies of your personal data. A subject access request can be made by email to dpo@five.id. We will need to obtain proof of your identity before providing you with information we hold about you.
Your right to rectification - You have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal data in certain circumstances.
Your right to restriction of processing - Article 17 UK GDPR lists the circumstances where you have the right to be forgotten and have data concerning you erased from our records. We will fulfil this right where it exists in the listed circumstances.
Your right to object to processing - Article 18 UK GDPR lists the circumstances where you have the right to obtain from us a restriction of processing. If one of these circumstances apply we will restrict our processing of your personal data in the ways required by Article 18.
Your right to data portability - You have the right to ask that we transfer the personal data you gave us to another organisation, or to you, in certain circumstances.
Your right to withdraw consent - When we use consent as our lawful basis you have the right to withdraw your consent.
You don't usually need to pay a fee to exercise your rights. If you make a request, we have one calendar month to respond to you.
To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.
10. How to Complain
If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.
If you remain unhappy with how we've used your data after raising a complaint with us, you can also complain to the ICO.
The ICO's address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline number: 0303 123 1113
11. Explaining AI Decisions
This privacy notice includes the following information to help you understand clearly how your data is being used.
Five ID collects palm biometric information via a dedicated terminal and utilises AI software to compare this data against a database of Five ID customers. If a match is found, customers are authenticated, and payment partners are instructed to process the transaction.
Before collecting your biometric information, you will need to place your palm over a Five terminal during the payment process or onboarding application. These images are encrypted and transmitted to our secure cloud server, where they are converted into biometric measurements and compared against our database.
This rephrased privacy policy ensures compliance with UK GDPR and the Data Protection Act 2018, providing clear and comprehensive information about the collection, use, and protection of biometric data.
Five ID Privacy Policy
1. Introduction
This Privacy Policy explains how we collect, use, and protect your personal data when you use Five ID for biometric authentication and our Ancillary Services.
Five ID Limited is registered in England under company number 15793519, with its registered office at 6 Stannary Street, London, England, SE11 4AA. We act as the Data Controller for the personal data we process, except where specified otherwise.
If you wish to exercise your privacy rights, have any questions, suggestions, concerns or complaints please contact our Data Protection Officer by emailing dpo@five.id.
2. Information We Collect, Use, and Why
We provide systems and process personal data and special category personal data for the authentication of Five customers. Five ID integrates with various services ("Ancillary Services"), such as payment processing, to instruct payment processors to process payments for our customers. Five ID is the Data Controller for all personal data we process. Our customers are individuals who have signed up for our platform.
Information collected for authentication and fraud prevention purposes:
Palm Biometric Information: To verify your identity and prevent fraud.
Information collected for payment processing Ancillary Services:
Names and contact details: To identify and communicate with you.
Purchase or account history: To assess your transaction limits.
Account details (including card or bank information for transfers and direct debits): To process payments.
3. Lawful basis
Our lawful bases for collecting, processing and storing personal information to authenticate individual members and prevent fraud are:
Explicit Consent: When you provide it.
Contract: When processing is necessary for the performance of a contract with you.
Our lawful bases for collecting, processing and storing personal information to instruct payments from individuals:
Consent: When you provide it.
Contract: When processing is necessary for the performance of a contract with you.
4. Biometric Data Collection and Consent
During Onboarding:
We collect and store your palm biometric data when you create a Five ID account. You will be asked to provide explicit consent for this data collection which will be used for authentication and fraud prevention. If you enrol in payment processing services, this data will be linked to your payment details (e.g., bank account, credit or debit card).
During Authentication:
When you hover your palm over our terminal, we collect your palm biometric data. We compare this data against our stored data to authenticate your identity. We can only determine if a person is a customer post-authentication.
Therefore, by using our terminal for payment processing services, you consent to the collection and processing of your biometric data for the purpose of authentication and fraud prevention. We ensure clear signage and notifications near our terminals informing users of this requirement.
5. Sources of Personal Information
Directly from You: During account creation, authentication, or payment processing.
From Your Bank or Payment Provider: With your authorization, to process transactions.
6. Retention of Personal Information
We retain your personal information only for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
7. Who We Share Information With
Payment processors: To facilitate transactions we share the information collected to instruct payments.
Third-party service providers: We may use third-party service providers to help us operate our business. These providers are obligated to keep your information confidential.
We will only share your information outside the UK with appropriate safeguards in place, as required by the UK GDPR.
8. Sharing Information Outside the UK
Where necessary, we may transfer personal information outside of the UK. When doing so, we comply with the UK GDPR, ensuring appropriate safeguards are in place. Please contact us for more information.
9. Your data protection rights
Under data protection law, you have rights including:
Your right of access - You have the right to ask us for copies of your personal data. A subject access request can be made by email to dpo@five.id. We will need to obtain proof of your identity before providing you with information we hold about you.
Your right to rectification - You have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal data in certain circumstances.
Your right to restriction of processing - Article 17 UK GDPR lists the circumstances where you have the right to be forgotten and have data concerning you erased from our records. We will fulfil this right where it exists in the listed circumstances.
Your right to object to processing - Article 18 UK GDPR lists the circumstances where you have the right to obtain from us a restriction of processing. If one of these circumstances apply we will restrict our processing of your personal data in the ways required by Article 18.
Your right to data portability - You have the right to ask that we transfer the personal data you gave us to another organisation, or to you, in certain circumstances.
Your right to withdraw consent - When we use consent as our lawful basis you have the right to withdraw your consent.
You don't usually need to pay a fee to exercise your rights. If you make a request, we have one calendar month to respond to you.
To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.
10. How to Complain
If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.
If you remain unhappy with how we've used your data after raising a complaint with us, you can also complain to the ICO.
The ICO's address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline number: 0303 123 1113
11. Explaining AI Decisions
This privacy notice includes the following information to help you understand clearly how your data is being used.
Five ID collects palm biometric information via a dedicated terminal and utilises AI software to compare this data against a database of Five ID customers. If a match is found, customers are authenticated, and payment partners are instructed to process the transaction.
Before collecting your biometric information, you will need to place your palm over a Five terminal during the payment process or onboarding application. These images are encrypted and transmitted to our secure cloud server, where they are converted into biometric measurements and compared against our database.
This rephrased privacy policy ensures compliance with UK GDPR and the Data Protection Act 2018, providing clear and comprehensive information about the collection, use, and protection of biometric data.