Privacy Policy

  1. WHO WE ARE AND HOW TO CONTACT US
    1. The website at www.ageid.com and the age-restricted login we offer (together or individually known as the "Platform") are owned and operated by MG SOCIAL LTD ("AgeID", "we", "us" or "our"). We are registered in Cyprus and our registered office is at 195-197 Old Nicosia- Limassol Road, Block 1 Dali Industrial Zone, 2540, Cyprus. AgeID is the Controller of personal data processed through use of the Platform.
    2. We have appointed a Data Protection Officer, who is assisted by our privacy and security team. If you have any questions about this policy or would like to exercise any of your rights, please contact our Data Protection Officer(s) either by:
      1. Email at: privacy@ageid.com; or
      2. Email at: dpo@ageid.com
  2. WHEN THIS PRIVACY POLICY APPLIES
    1. This Privacy Policy (together with our Terms of Use and any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.
    2. We respect your privacy and are committed to protecting it through our compliance with applicable privacy and data protection laws and regulations. Please read this privacy policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not want your information to be processed as set out in this privacy policy, please do not provide any personal data to us and do not use the Platform.
    3. This privacy policy applies to information we collect:
      1. on the Platform; or
      2. in e-mail and other communications between you and AgeID.
    4. It does not apply to information collected by:
      1. any other website operated by us (or our affiliates and group companies);
      2. any website operated by a third party including those on which the Universal Login can be used; or
      3. any application or content (including advertising) that may link to or be accessible from or on the Platform.
    5. We strongly recommend that you review the privacy policies of any website on which you use our Universal Login to access before using them or providing them with any personal data.
  3. WHO THIS PRIVACY POLICY APPLIES TO
    1. This privacy policy applies to anyone who visits or uses our Platform. The personal data that we collect about our users depends on what type of user they are:
      1. Our "Personal Users" are individuals who create an account with us so they are able to access age restricted content, once their age has been verified by a third party.
      2. Our "Business Users" are businesses operating websites which include age- restricted content and who request our age verification services.
    2. The phrase "Users" shall mean anyone who visits or uses the Platform and includes Personal Users and Business Users.
  4. WHY DO WE COLLECT INFORMATION?
    1. The Digital Economy Act 2017 requires website operators to verify a person's age before allowing them access rights to certain websites and/or certain types of content shown on websites. We collect information from Personal Users in order to verify their age and provide them with login access to websites that contain age restricted content.
    2. If a Personal User would like to use our service, our third party age verification service providers will require certain personal data to process the verification. The third party age verification service providers will then confirm whether the Personal User is at least 18 years old. Once a Personal User's eligibility to use our services has been confirmed, they will be granted a "Universal Login" which they will be able to use to access websites operated by Business Users.
    3. We will explain the purposes and legal basis on which we process data in more detail at section 7 of this policy.
  5. INFORMATION WE COLLECT AND HOW WE COLLECT IT
    1. We only collect a limited amount of "personal data" about Users, meaning information relating to an identified or identifiable natural person.
    2. Personal Users. We collect, receive and process the following personal data about you:
      Personal data we collect How it is collected
      Login ID (including your email address and password) You will provide it directly to us when you create an account with us. Note that we hash such data when storing your Login ID, for increased privacy.
      Age Status (whether or not you are at least 18 years old, but not your exact age or date of birth). We will receive this information from a third party age verification service provider when they have verified your age.
      Technical data (including your internet protocol address (IP address) and log in data. We may collect this information from your device or browser. Note that we may hash your IP address for increased privacy
      Cookie data If we or a third party have set cookies on your device or browser. Please see Section 6 and our Cookie Policy for more information relating to the cookies we use.
      Jurisdiction data (the country in which you are located, but not your exact location) We receive information about your approximate location from your IP address.
    3. We do not collect personal data regarding the content accessed by Personal Users when visiting a Business Users' website.
    4. Business Users. We collect, receive and process the following personal data about you:
      Personal data we collect How it is collected
      Login ID (including email address and password) You provide this information when you register as a Business User and if you later update your details.
      Contact data (including name, company name, email address, address, country, website URL and telephone number). You provide this information when you register as a Business User and if you later update your details.
      Technical data (including your internet protocol address (IP address) and log in data. We may collect this information from your device or browser.
      Cookie data If we or a third party have set cookies on your device or browser. Please see Section 6 and our Cookie Policy for more information relating to the cookies we use.
      Financial data (including information about billing, invoices, bank accounts, payments made or owed, outstanding debts). You will provide some of this information yourself when signing up as a Business User and we may compile some of it ourselves.
      Marketing and Communication data (including your Contact data and what information you are interested in receiving from us). When you sign up as a Business User and when you communicate with us.
  6. COOKIES
    1. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. However, if you decline to accept cookies, some functionality on our Platform may be disabled (e.g. you may have to log in more frequently) and you may be unable to access certain parts of our Platform. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Platform.
    2. Cookies can be either session cookies or persistent cookies. A session cookie expires automatically when you close your browser. A persistent cookie will remain until it expires or you delete your cookies. Expiration dates are set in the cookies themselves; some may expire after a few minutes while others may expire after many years.
    3. We currently use the following types of cookies:
      Cookie Reason/Purpose Duration/Type
      AgeID cookie This cookie is used for Users which are registered and logged in and assists in tracking this information. It does not store the email address or password of the User. Persistent cookies
      Load Balancer cookie This cookie tells the device which server to connect to based on the load. Session cookie
      Google Analytics We use two google analytics cookies which contain information regarding their device if the User has chosen to share it with Google Analytics.

      Google Analytics is a web analytics service provided by Google, Inc. which uses cookies to collect information about how visitors use our site. We use this information to compile reports and to help us improve our site. Google holds this information and provides us with access to it. Find out more about Google Analytics at: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
      Read the Google Analytics privacy policy at: https://www.google.co.uk/policies/privacy/
      You can find out how to opt out of being tracked by Google Analytics by visiting https://tools.google.com/dlpage/gaoptout
      Various lengths
  7. PURPOSES FOR WHICH WE USE YOUR PERSONAL DATA
    1. We use information that we collect about you or that you provide to us for following purposes:
      What's the purpose? Which types of data are processed? What's the lawful basis?
      Personal Users Only
      Confirming a Personal User is at least 18 years old (via a third party that you nominate). Login ID and Age Status. It is necessary for the performance of a contract (or potential contract) with you.

      It is necessary for our legitimate interest of operating our business effectively.
      Business Users Only
      Verifying identity of a Business User. Login ID, Contact and Financial data. It is necessary to comply with our legal obligations.
      For issuing you with invoices and billing you for services we provide. Contact, Financial and Marketing and Communications data. It is necessary for the performance of a contract (or potential contract) with you.

      It is necessary for our legitimate interest of charging you for services we have provided.
      Personal Users and Business Users
      Communicating with you.

      (Note: we do not send direct marketing to Personal Users' email addresses and Login IDs are stored as hashed data. However Users may provide their un-hashed personal data when communicating with us).
      Login ID (for Personal Users).

      Login ID, Contact and Marketing and Communications data (for Business Users).
      It is necessary for our legitimate interest of operating our business, resolving issues if they arise and assisting Users to recover their accounts or re-set passwords.
      Provision of services Login ID, Age Status, Technical, Cookie and Jurisdiction data (for Personal Users).

      Login ID, Contact, Technical, data (for Business Users).
      It is necessary for the performance of a contract (or potential contract) with you.

      It is necessary for our legitimate interest of operating our business effectively and presenting our Platform and its contents to you in the most effective way.
      Providing you with support, resolving complaints and monitoring feedback. Login ID and Technical Data (for Personal Users).

      Login ID, Contact, Technical, Transactional (for Business Users).
      It is necessary for our legitimate interests of running our business effectively.

      It is necessary for the performance of a contract with you (e.g. where it is offered as part of our Terms of Service or Business User contract).
      Administering and protecting our site (e.g. troubleshooting, testing, data analysis, system maintenance) Login ID, Technical and Jurisdiction data (for Personal Users).

      Login ID, Technical data (for Business Users).
      It is necessary for our legitimate interests of operating our site well, protecting us from cyberattacks and preventing fraud etc.
      Managing our relationship with you (including managing your account, notices about your account, and notices about changes to our Platform or any services we offer or provide through it) Login ID and Technical data (for Personal Users).

      Login ID, Contact, Technical, Transactional, Financial and Marketing and Communication data (for Business Users).
      It is necessary for the performance of a contract (or potential contract) with you.

      It is necessary for our legitimate interests of running our business effectively.
      To enforce our terms and conditions or contract with you, prevent fraud or any other processing required to comply with requirements imposed by law or a court order. Login ID, Age Status, Technical, Cookie and Jurisdiction data (for Personal Users).

      Login ID, Contact, Technical, Transactional, Financial and Marketing and Communication data (for Business Users).
      It is necessary to comply with our legal obligations.

      It is necessary for the performance of a contract (or potential contract) with you.

      It is necessary for our legitimate interests of running our business effectively.
    2. Sometimes we process your personal data for more than one lawful basis depending on the particular purpose for which we are using your data. We may use your data in any other way we may describe when you provide the information; or for any other purpose with your consent provided separately from this privacy policy.
    3. Where we need to process your personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. This means that we may not be able to provide you with the information or services you required. We will let you know if this is the case at the time.
  8. DISCLOSURE OF YOUR PERSONAL DATA
    1. We understand that your personal data is important and we therefore want you to understand the limited circumstances in which we may disclose it. We do not share your personal data with third parties or allow them to access it, except as indicated below:
      1. For Personal Users:

        If you are a Personal User and we refer any dispute between us to the ODR Platform, and/or we agree to engage in any alternative dispute resolution (ADR) procedure with you through the Platform, then to the extent that your personal data is relevant to the dispute we may disclose it to the European Commission, as operator of the ODR Platform, and to any ADR provider appointed to deal with the dispute.
      2. For Business Users and Personal Users:

        To our third party suppliers (e.g. serving hosting supplier, customer services supplier, business support supplier).
      3. In response to a summons or similar investigative demand, a court order or other judicial or administrative order, or a request for cooperation from a law enforcement or other government agency; to establish or exercise our legal rights; to defend against legal claims; to comply with applicable law or cooperate with law enforcement, government or regulatory agencies; or to enforce our Platform terms and conditions or other agreements or policies; or as otherwise required by law (including responding to any government or regulatory request). In such cases, we may raise or waive any legal objection or right available to us, in our sole discretion.
      4. To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganisation, dissolution or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which personal data held by us about our Users is among the assets transferred. Should such a sale or transfer occur, we will use reasonable efforts to try to ensure that the entity to which we transfer your personal data uses it in a manner that is consistent with this privacy policy.
      5. To the extent a disclosure is necessary in connection with efforts to investigate, prevent, report or take other action regarding illegal activity, suspected fraud or other wrong doing; to protect and defend the rights, property or safety of our company, our Users, our employees, or others, to maintain and protect the security and integrity of our Platform or infrastructure.
      6. To the extent this is necessary to fulfil any other purpose not mentioned above for which you provided personal data and, if applicable, your consent separately from this privacy policy.
    2. We may also disclose aggregated non-personal data (information that does not identify any individual) without restriction. In particular, we may transfer non-personal data and process it outside your country of residence, wherever the Platform, its affiliates and service providers operate. We may combine non-personal data we collect with additional non- personal dat
  9. INTERNATIONAL TRANSFERS OF YOUR PERSONAL DATA
    1. By using the Platform you consent to the transfer of information that we collect about you, including personal information, to any country in which we, members of our corporate group (that is, entities that control, are controlled by, or are under common control with us) or our service providers are located.
    2. If we do share your personal data with third parties that are based outside the European Economic Area (EEA) and other regions with comprehensive data protection laws, we ensure a similar degree of protection is afforded to it by ensuring that the information is transferred in accordance with this privacy policy and as permitted by the applicable laws on data protection, with at least one of the following safeguards is in place:
      1. That country has been deemed to provide an adequate level of protection for personal data by the European Commission; or
      2. Using specific contracts approved by the European Commission that gives personal data the same protection it has in the EEA.
    3. Personal data relating to Users is stored on Microsoft Azure Cloud infrastructure and on servers in Europe. If you would like more information regarding the appropriate safeguards we have put in place for transfer of personal data outside of the EEA, please contact our DPO using the details set out at the beginning of this policy.
  10. FINANCIAL INFORMATION
    1. We do not routinely process Personal Users' financial information.
    2. We do process Business Users' financial information (including personal data) regularly. We will only share such financial information with our third party processors in order to initiate and complete any orders placed on your account. All credit card transactions are processed with industry standard encryption through third party processors who only use your financial information and personal data for that purpose. All financial data and related personal data will not be shared by us with third parties except with your authorisation, or when necessary to carry out transactions requested by you with the understanding that such transactions may be subject to rules, terms, conditions and policies of a third party, or as required by law. All such information provided to a third party is subject to their terms and conditions.
  11. RETENTION OF PERSONAL DATA
    1. We store your personal data for different periods of time depending upon the purposes for which we collected it and we do not store your personal data for longer than is necessary to fulfil these purposes.
    2. We take into consideration a number of factors when we determine the appropriate retention periods for your personal data, including what personal data we are processing, the risk of harm from any unauthorised disclosure, why we are processing your personal data and whether we can achieve this outcome by another means without having to process it.
    3. Please note that if you delete your Universal Login, or if your account is closed, deleted and/or terminated for any reason, we may retain your information to the extent this should be necessary to comply with legal, auditing or account obligations.
    4. We will automatically delete any User account which has not logged on for 3 years. If you would like details of our Data Retention Policy or more information about the criteria we use to decide retention periods, please contact our DPO using our details at the beginning of this policy.
  12. HOW WE PROTECT YOUR PERSONAL DATA
    1. As a provider of services relating to sensitive personal data, we take the security of your personal data very seriously. We have implemented a number of appropriate security measures (including physical, electronic and procedural measures) to safeguard your personal data from unauthorised access and disclosure. Whilst we will not set out full details here for security reasons, some of the measures include:
      1. Regular scanning of our systems to monitor vulnerabilities;
      2. One-way salted hash function to store personal data;
      3. Use of firewalls to help prevent unauthorised persons from gaining access to personal data;
      4. Background checks for all our employees;
      5. Only permitting authorised employees to access personal data, and only for permitted business functions.
      6. Tracking of employee logins and actions on our systems to ensure they are processing personal data in accordance with our policies;
      7. Putting agreements in place with third parties we work with to regulate the processing, security and confidentiality of data.
      8. Conducting Data Privacy Impact Assessments in accordance with the Working Party 29 Guidelines and the guidelines of the European Data Protection Board.
    2. Please note that the safety and security of your personal data also depends on you. Where we have given you (or where you have chosen) a password for access to or use of our Platform, you are responsible for keeping this password confidential. You must not to share your password with anyone or allow anyone to use your account.
  13. YOUR RIGHTS RELATED TO YOUR PERSONAL DATA
    1. People who are in the European Union have the right to:
      1. ask that any inaccurate information we hold about them is corrected;
      2. ask that we stop using their personal data for certain purposes;
      3. ask that we delete personal data we hold about them (this applies only in certain circumstances);
      4. ask that we do not make decisions about them using completely automated means;
      5. ask us for details of the personal data we hold and process about them (this is usually called a subject access request);
      6. ask that we give them the personal data we hold about them, or (where technically feasible) that we give this personal data to a third party chosen by them, in a commonly-used machine-readable format;
      7. withdraw their consent; and
      8. complain to a Member States' supervisory authority for data protection issues. Before exercising this right, we encourage you to contact us first to resolve any complaint you may have, although this is not legally required.
    2. To exercise any of the rights above please contact us using the details at the beginning of this policy. If you do so, please provide us with as much information as you can about the request you want to make to help us respond as soon as we can. You might need to provide us with proof of identity (for example a passport or driving licence) before we can fully respond, as we need to be sure we are giving the correct personal data to the correct individual.
    3. Please be aware that the above rights are not available to everyone all the time. Some are subject to exemptions, and so we may not always be able, or required, to comply with your request to exercise these rights. You can read more about the rights that you have on the ICO Website: https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/
    4. We usually respond to data protection requests within one month, but it can take longer if your request is particularly complex or if you have made a number of requests. You will not usually have to pay a fee to exercise the rights above, but we reserve the right to charge a fee if your request is clearly unfounded, repetitive or excessive; alternatively, we may refuse to comply with your request.
    5. Please note that we may need to process your personal data in order for us to respond to your request.
  14. CHOICES IN RELATION TO YOUR PERSONAL DATA
    1. As well as being able to exercise the above rights, we have outlined below some other examples of how you can exercise control and make choices regarding the personal data you provide to us.
    2. You can choose not to provide us with certain personal data, but that may result in you being unable to use certain features of our Platform because such information may be required in order for you to register as a User, pass verification procedures, login via the Universal Login, access third-party websites, purchase or request our services, ask a question, or initiate other transactions on our Platform.
    3. You may delete your Universal Login at any time. If you do so, your personal data and any and all other account related information will no longer be accessible by you. After deleting your Universal Login, if you want to create a new account, you will have to sign up again as none of the information you previously provided will have been saved. Please note that Personal Users will have to pass the age verification procedures again in order to be granted a new Universal Login, and Business Users would have to pass any client on-boarding procedures.
  15. COMPLAINTS PROCEDURE
    1. We regularly review this privacy policy and our compliance with its terms. Please feel free to direct any questions or concerns regarding this privacy policy to our Data Protection Officer using the details set out at the top of this policy.
    2. When we receive a formal written complaint, it is our policy to contact the complaining party regarding their concerns. We will cooperate with the appropriate regulatory authorities, including relevant data protection authorities, to resolve any complaints regarding the collection, use and disclosure of personal data that cannot be resolved by an individual and us.
    3. You also have the right to complain to a Member States' supervisory authority for data protection issues, as set out in paragraph 13.1.8.
  16. NO RIGHTS OF THIRD PARTIES
    1. This privacy policy does not create rights enforceable by third parties.
  17. NO CHILDREN
    1. Our Platform is not for use by persons under the age of 18 and we do not seek to collect personal data from children. If you become aware that your child has provided us with personal data, please contact us using the details set out at the beginning of this policy.
    2. If we become aware that a child has provided us with personal data, we will take steps to delete such data and terminate that person's account.
  18. CHANGES TO OUR PRIVACY POLICY
    1. We may modify or revise our privacy policy from time to time. Although we may attempt to notify you when major changes are made to this privacy policy, you are expected to periodically review the most up-to-date version found at https://www.ageid.com/de/misc/privacy-policy, so you are aware of any changes.
    2. All changes are effective immediately and apply to all access to and use of the Platform thereafter. The updated version of our privacy policy supersedes any prior versions immediately upon being posted.
    3. If we change anything in our privacy policy, the date of change will be reflected in the "last modified date" below. You agree that you will periodically review this privacy policy and refresh the page when doing so. You agree to note the date of the last revision to our privacy policy. If the "last modified" date is unchanged from the last time you reviewed our privacy policy, then it is unchanged. If the date has changed that means that there have been changes.
Last Modified: 16 JULY 2019

Other versions: