Privacy Policy

Updated: October 2024

GENERAL

OwnID Inc. (“we”, “us”, “our”, “Company” or “OwnID”), is committed to protecting the privacy of our services' endusers, business partners and our website's visitors, all as further detailed below. We take several precautions and have implemented certain mechanisms to ensure the protection of Personal Data (as defined below), as well as to comply with applicable privacy and data protection laws.

This Privacy Policy (“Privacy Policy”) is an integral part of our Terms of Use and governs the collection, processing, usage and transfer of data by us from: (i)individuals who access and use our website: https://www.ownid.com (respectively,“Visitor(s)” and “Website”); (ii) end-users who use our OwnID password-less widget embedded within our business partners’ websites, apps, or other digital assets (“Partner's Digital Assets”) (respectively, “End-User”and “Widget”); and (iii) our business partners who has been registered to our services through our Website, including any individual on their behalf (“Partner”). All of the above shall be referred to as “you” or “User(s)”.

This Privacy Policy explains how you can exercise your rights related to yourPersonal Data, in accordance with the laws and regulations applicable to you (which may include for example the EU General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”). In the event you are a California resident and the CCPA applies to you – please make sure to review our CCPA Privacy Notice to learn more about our privacy practices with respect to the CCPA. If you have any questions or requests regarding the processing of your Personal Data, or would otherwise like to contact us in connection with this Privacy Policy, please send us an email to: support@ownid.com.

THE HIGHLIGHTS

· As an essential part of our business, we offer our Partners to facilitate the registration and login process on their Digital Assets, by enabling End-Users to proceed with registration or log-in, quickly without providing any credentials, by using the OwnID Widget embedded in the applicable Digital Assets. In this framework, we do not process Personal Data related to End-Users. We solely use End-User’s device verifications method (e.g., Face ID) for authentication purposes. This information is not stored or processed by us. The entire verification and authentication process happens within End-User’s device. For the purpose of this Privacy Policy, the Widget and any associated services provided to our Partners shall be collectively referred to as the “Services”.

· Children under the age of 16 (or equivalent minimum age for providing consent) are not permitted to use the Services without parental or legal guardian consent. In any event, we do not knowingly collect children's Personal Data.

· You are not required by law to provide us with any Personal Data. Sharing Personal Data with us is entirely voluntary.

· You may not share Personal Data about other people with us who you are not authorized to share or use.

· You may be entitled to request to review, amend, erase restrict and opt-out from the processing of your Personal Data, in accordance with applicable law. For more information regarding your rights please refer to our Privacy Rights Policy.

· We share Personal Data with third parties in connection with the provision of the Services, or other limited circumstances as specified here in.

WHAT IS PERSONAL DATA?

"Personal Data" is any information which identifies or can be reasonably used to identify a natural person. Such data includes for example:first and last name, phone number, email address, unique online identifiers, billing information, credit card details, etc.

As opposed to Personal Data, "Non-Personal Data", or anonymized data, is information which does not identify a specific natural person and cannot reasonably be used for such identification. This type of information includes for example aggregate or statistical data or otherwise, technical information transmitted from your device such as type of browser and operating system, language preference, referring and exit pages and URLs, time and datestamp, amount of time spent on particular page.

‍

Types of personal data processed	Purposes of processing	For EU persons – Legal Basis under the GDPR
Data related to End-Users
We do not collect or process Personal Data when you sign up and log-in When you sign up to create an account at the Partner’s Digital Assets or when you log-in following a registration, for the purpose of accessing your account on the Partner's Digital Asset , you will be offered to skip the password option, by using our Widget, and proceed registration or log-in without providing any credentials. If you choose that option you will be transferred to a designated page requiring you to scan a QR barcode with your device, in order to authenticate and verify you by using your device verification method (e.g., face ID or device password, or both, as applicable). In such cases, we do not collect, store or process any of your Personal Data. We keep your identity anonymous.
Reset Password Although we do not process your Personal Data in connection with the provision of our Services, mainly the use of the Widget by End-Uses (as explained above), to the extent you want to log-in and you do not have your phone with you, or you want to reset password, we will have access to your email address for reset purposes but we do not store it on our databases (i.e., we will receive your email from the Partner and use it solely for sending you reset link via email). This information will be provided to us by the Partner. Note, you are not required to provide us with your email in order to use the “Skip Password” option available on the Partner’s Digital Assets.	This information will be processed solely for the purpose of providing our Services by enabling you to skip the password by using our Widget or reset password.	Performance of a contract.
Visitors, Partner and Partner’s Personnel
Partner’s Onboarding In order to provide our Partners with our Services, and upon registration through the console on our Website, we collect information regarding the Partner and personnel on its behalf, such as full name of the contact person, email address, country and credentials.	• To onboard Partners to our Services. • To identify authorized users who access the Services. • To resolve any disputes, communicate with you regarding customer service and support issues, and respond to questions or comments, and help resolve any problems. • To send you service-related messages. • To prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts, and other misuses of services, to protect the security or integrity of our databases and services, and to take precautions against legal liability.	• Necessity of processing for the purposes of our legitimate interests. • To perform the contract to which the Partner is a party. • To fulfill our legal obligations.
Demo If a prospective Partner or other Visitor is interested in demonstration of our Services, they can register for a demo, through our Website, and then we will collect and process the following information: name, email address and credentials.	To send you a demo of our Services.	• Performance of a contract.
Contact Information In the event you contact us for customer service, support or any other inquiries, by sending us an email or via feature available on the Website, or by any other means of communications we may make available to you, you will be requested to provide us with your full name, email address and phone number. In addition, you can choose to provide us with additional information as part of your correspondence with us.	• We will process this information and use it solely for the purpose of responding to your inquiries and providing you with the support or information you requested. • We may process the contents of our correspondence with you in order to improve our customer service, and in the event we believe it is required in order to provide you with any further assistance (if applicable).	• Necessity of processing for the purposes of our legitimate interests.
Online Identifiers When you access our Website or interact with our Services, we may collect certain online identifiers (e.g. your IP address). This information might be collected through our use of cookies. Please see below detailed information on how we use cookies.	• To improve our Website Services, identify any difficulties or failures in the process, for analysis, statistics and customization of the services. • To prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts and other misuses of the Website and Services.	• Necessity of processing for the purposes of our legitimate interests. • In the event we will use cookies, we will obtain your consent, subject to applicable law requirements.
Feedback If you voluntarily choose to fill out feedback questionnaire, will collect your email address and any additional information you choose to provide.	• To improve our Services, identify any difficulties or failures in the process, for analysis, statistics and customization of the services.	• Necessity of processing for the purposes of our legitimate interests.

‍

HOW WE COLLECT INFORMATION

Depending on the nature of your interaction with us, we may collect information from you in one or both of the following ways:

· Automatically – we may use cookies (as further elaborated below) or other similar tracking technologies to gather some information automatically when you interact with our website and Service.

· Provided by you voluntarily –we will collect information if and when you choose to provide us with the information, such as through the Service, when you contact us or sign up for our newsletter.

YOUR RIGHTS RELATED TO YOUR PERSONAL DATA

Depending on your jurisdiction, data protection and privacy laws provide you with the ability to exercise certain rights regarding your Personal Data that we process.The principal rights includes the right to access your Personal Data; the right to ensure your Personal Data is accurate, complete and up to date; the right to have your Personal Data amended or otherwise deleted; the right to object to the processing of your Personal Data; the right to send or “port” your Personal Data; the right to file a complaint with a supervisory authority in your jurisdiction; and the right to withdraw consent, subject to legal or contractual restrictions and reasonable notice;

Please review our Privacy Rights Policy for more information regarding the rights you may have under the relevant data protection and privacy laws in your jurisdiction.

If you wish to exercise any or all of the above rights, please fill out the Data Subject Request Form (“DSR”) available here, and send it to us at: support@ownid.com.

If we are unable to provide you with the information that you asked for, we will endeavour to explain the reasoning for this and inform you of your rights. We reserve the right to ask for reasonable evidence to verify your identity before we provide you with any such information in accordance with applicable law.

WITH WHICH THIRD PARTIES DO WE SHARE PERSONAL DATA?

We do not share any Personal Data collected from you with third parties except in the following events:

- Compelled Disclosures - We may share Personal Data with third parties where required to comply with a legal requirement, for the administration of justice, to protect the vital interests of data subject or the vital interests of others, to protect the security or integrity of our databases and services, and to take precautions against legal liability.

- Enforcement of our Rights- To enforce this Privacy Policy and the terms of our agreements (including theTerms of Use), including the investigation of potential violations thereof.

- Change of Control- In the event of a corporate transaction (e.g., sale of a substantial part of our business, merger, consolidation or asset sale, etc.), we may share Personal Data with our affiliated companies or acquiring company, which will assume the rights and obligations as described in this Privacy Policy.

- Security Detections - To detect, prevent, or otherwise address fraud, security or technical issues.

- Affiliated Companies - With our parent company, any subsidiaries, joint ventures, or other companies under common control with the Company solely if and when applicable or necessary for the purposes described in this Privacy Policy, orin the event of any of the corporate transactions listed herein;

- Service Providers - To collect, hold or manage your Personal Data through our authorized third-party service providers and to perform certain requested services on our behalf, as reasonable for our business purposes, all of whom we contractually ensure comply with applicable data protection laws. Some examples of service providers that we may use include (without limitation): payment processors, server and storage providers and marketing partners.

- Explicit Consent - If you provide us with your explicit approval to share your information prior to the disclosure.

COOKIES & TRACKING TECHNOLOGIES

We may use cookies and other similar tracking technologies or method sof web and mobile analysis to gather, store, and track certain information related to your access of, activity and interaction with our Website.

A “cookie” is a small piece of information that a website assigns to your device while you access such website. Cookies are very helpful and may be used for a variety of different purposes. These purposes include, among other things, allowing you to navigate between pages efficiently, enabling automatic activation of certain features, remembering your preferences and making the interaction between you and our Service quicker, easier and smoother. Cookies are also used to help customize your experience and for advertising purposes (including personalized advertising). You can find out more information about cookies at www.allaboutcookies.org.

The third-party cookies used on our Website are as follows:

Cookie	Purpose	Privacy Policy
Google Analytics	Analytical, Measurement & Performance	www.google.com/policies/privacy/partners https://policies.google.com/technologies/managing?hl=en https://tools.google.com/dlpage/gaoptout For additional information regarding our use of Google products, click here.
Google Tag Manager	Targeting & Advertising

‍

Most browsers will allow you to erase cookies from your computer’s hard drive, block acceptance of cookies, or receive a warning before a cookie is stored. However, if you block or erase cookies your online experience may be limited.

Please see the following links for more information with respect to how you can block or erase cookies via your particular browser: Google Chrome; Firefox; Internet Explorer; Safari; Edge; Opera.

DO WE TRANSFER PERSONAL DATA INTERNATIONALLY?

In the event that we need to transfer Personal Data out of your jurisdiction, we will take appropriate measures to ensure that your Personal Data receives an adequate level of protection as required under applicable law. Furthermore, when Personal Data that is collected within the European Economic Area ("EEA") and transferred outside of the EEA will be transferred under the applicable mechanism approved by the European Union.

CHILDREN

Our Services are not intended to persons under 16 years old or equivalent minimum age for providing consent to processing of Personal Data in the relevant jurisdiction(“Child”). If a parent or guardian becomes aware that his or her Child has provided us with Personal Data without their consent, he or she should contact us immediately. We do not knowingly collect or solicit Personal Data from a Child. If we become aware that a Child has provided us with Personal Data, we will delete such data from our databases.

MARKETING MATERIALS

We may send our Partners, or users who provided us with their consent, with information on new products, features, activities, services and periodic announcements or newsletters. You may opt-out any time from such communications at any time by either: (i) using the “unsubscribe” feature available within the message; or (ii) sending us an email to: support@ownid.com.

HOW DO WE PROTECT PERSONAL DATA?

We implement extensive security measures to reduce the risks of damage, loss of information and unauthorized access or misuse of personal data. We implement appropriate data collection, storage and processing practices and security tools to protect personal data against unauthorized access, alteration, disclosure or destruction.

Please contact us at: support@ownid.com if you believe that your privacy was treated in a way that was not in accordance with this Privacy Policy. In the event of a security incident in which we discover that your Personal Data may be at risk, we will take reasonable efforts to notify you and the applicable authority (if we are required to doso, subject to applicable laws).

DATA RETENTION

Unless you instruct us otherwise, and subject to applicable laws, we retain the Personal Data we collect for as long as needed to provide our Services and to comply with our legal obligations, resolve disputes and enforce our agreements, if applicable.

CHANGES TO THIS PRIVACY POLICY

We may, at any time and from time to time, modify this Privacy Policy. Modifications to this Privacy Policy will be posted on the Website, and shall be effective as of the date in which they are posted on the Website. The last revision date will be reflected in the “Last Updated” heading located at the top of the Privacy Policy. We will make a reasonable effort to notify you in the event that we implement any changes that substantially changes our privacy practices. We recommend that you review this Privacy Policy periodically to ensure that you understand our privacy practices and to check for any amendments.

CONTACT US

If you have any questions or concerns regarding privacy issues, or if you wish to be provided with any other information related to our privacy practices, please contact us:

By Email: support@ownid.com

By mail: OwnID Inc.

65 Annie Street, San Francisco, CA 94105

Privacy Policy

‍

Subscribe to stay up-to-date on passwordless: