VerifyMy: Privacy Policy for age assurance for Google.
Updated June 2024
1. Who we are and summary of how we use your data
a) VERIFYMY LIMITED (T/A VerifyMy) operates www.verifymyage.com (“Site”), an age assurance solution. We are a limited company registered in England & Wales under company number 12050874 and ICO registration number ZA529836.
b) We conduct age assurance checks for Google LLC when you seek to access certain Google services (“Checks”). When we conduct these Checks, we collect and process your personal data for which we are a data controller. This means that we hold, manage and are responsible for your personal data in the ways described in this Privacy Policy and in line with data protection laws. More information is set out in sections 3 and 4.
c) Where we rely on your consent, such as for reviewing your email address against websites and apps where you’ve previously used this email address, you can withdraw this consent at any time. More information about your rights and how to exercise them is set out in section 10.
d) Personal data is shared with others including Google and third-party vendors. More information is set out in sections 6 and 7.
2. What is personal data?
Personal data is any information about you that enables you to be identified. In this case the only information that we collect and process about you is your email address and an estimation of whether you are above or below a certain age.
3. What data do we collect and how?
In order to perform our Checks, we receive your email address from Google. We use this to review against websites and apps where you’ve previously used this email address. We only conduct such a Check with your consent, you are asked for this when you request access to certain Google services.
4. How else do we use your personal data?
Other than conducting our Checks and providing the result to Google, we only use your personal data to detect or prevent fraud or other prohibited activities or as required by applicable legal requirements. When this happens it is on the basis of our legitimate business interests and legal obligations. We will not use your personal data to train our age inference model.
5. How long will we keep your personal data?
We and our partners will delete your personal data immediately as soon as the Check is complete and the result has been shared with Google.
6. Do we share your personal data?
Personal Data Category | Category of Recipient | Why? |
---|---|---|
Email Address | Trusted third parties, such as data aggregators | To allow them to run queries against websites and apps where you've previously used this email address. This allows us to estimate whether you are above or under a certain age. |
Email Address Age Estimation | Selected IT service providers | To operate and offer our services. The selected IT service providers support our Site and business systems. |
Email Address Age Estimation | As we are conducting the Checks for Google, we share the results of the Checks with Google. | |
Email Address Age Estimation | Law enforcement agents or representatives, judicial authorities, governmental agencies or bodies, including competent data protection authorities | We will share your personal data, as required, if we are involved in legal proceedings or need to comply with legal obligations, a court order, or the instructions of a government authority. |
a) When any of your personal data is shared with a third party, as described above, we take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law. We ensure that such third parties are contractually bound to meet these requirements.
b) Where any personal data is transferred outside of the UK or EEA, we will also ensure that your personal data is treated just as safely and securely as it would be within the UK or the EEA under data protection laws. To ensure this, we have put in place appropriate safeguards (such as reliance on adequacy decisions and regulator approved standard contractual terms for example, the International Data Transfer Agreement in the UK) in accordance with applicable legal requirements to provide adequate protection for your personal data. For more information on the appropriate safeguards in place and to obtain a copy of such safeguards, please contact us as set out at section 10 below.
7. How and where do we store your personal data?
Whilst completing the Check, all personal data that is stored by us is done so within the EEA.
8. How do we protect your personal data?
We implement physical, technical, and organisational security measures designed to safeguard the personal data we process as part of the Checks, such as high-end cryptography to protect customers’ data. All data is encrypted at rest and in-transit using a combination of 256-bit encryption and hashing algorithms. These measures are aimed at providing on-going integrity and confidentiality for your personal data. We evaluate and update these measures on a regular basis.
9. What are your rights?
a) If applicable, under the EU and UK data protection laws, you may have the following rights:
- The right to be informed about our collection and use of your personal data. This Privacy Policy should tell you everything you need to know, but you can always contact us to find out more or to ask any questions using the details in section 10.
- The right to access the personal data we hold about you and receive a copy of such data.
- The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete.
- The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we hold.
- The right to restrict (i.e. prevent) the processing of your personal data.
- The right to object to us using your personal data for a particular purpose or purposes.
- The right to withdraw consent. As we are relying on your consent as the legal basis for using your personal data, you are free to withdraw that consent at any time. Any withdrawal of consent will apply to any future processing of personal data (and not any personal data processed before any withdrawal of consent).
- The right to data portability. This means that you can ask us for a copy of that personal data to re-use with another service or business.
- If you live in France, the right to instruct us on the processing (retention, deletion, and disclosure) of the personal data after your death. You can change or revoke such instructions at any time.
b) These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law or have compelling legitimate interests to keep.
c) To exercise any of the rights outlined above, please contact us using the details provided in section 10. There is not normally any charge for making a request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
d) We will respond to your request within a month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request.
e) If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the data protection regulator. In the UK, this is the Information Commissioner’s Office, https://ico.org.uk/. We would welcome the opportunity to resolve your concerns ourselves, however, so please contact us first, using the details in section 10.
10. How do you contact us?
To contact us about anything to do with your personal data and data protection, including to make requests or exercise any rights you may have, please use the following details:
By email:
[email protected]
By post:
VERIFYMY LIMITED
Unit 213 The Frames
1 Phipp Street
London
England
EC2A 4PS
11. Changes to this Privacy Policy
a) We may change this Privacy Policy from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects how your personal data is protected.
b) Any changes will be posted on our Site. We recommend that you check this page regularly to keep up-to-date.
c) This Privacy Policy was last updated June 2024.