Privacy policy

All Policies

Our approach

We value your data privacy.

Whether you’re streaming a movie on your smartphone or buying groceries from your web browser, your personal information – from your email address to your credit card details – is being held and processed by more and more companies and organisations online. This means we can all enjoy faster, more convenient and cost-effective services, but it also means your information can be vulnerable to theft or misuse.

When it comes to online services and transactions, there is no such thing as a foolproof cyber security plan, but the risk of data loss or theft can be significantly reduced through the diligent implementation of risk-based business practices; including investing in suitable staff training and IT infrastructure, as well as submitting to regular independent IT and data protection audits. Not every company, however, has the same level of cyber security in place, which is why the UK Data Protection Act 2018 which implemented the EU General Data Protection Regulation (GDPR), gave individuals new and enhanced rights over how their personal information is used, as well as new responsibilities to the companies handling your data.

At Amiqus, we provide software as a service and so we must adhere to strict rules about how we collect, handle and store your personal information. Our team has chosen to make privacy a core value of our business practice and, therefore, upholding your privacy and protecting your personal data will always be our priority.

Definitions

When reading our Amiqus privacy policy, it may be useful to note that the law differentiates between a data controller, an organisation that determines the purposes and means by which your personal data is processed, and a data processor, an organisation that processes data on behalf of the controller.

Amiqus acts as the data controller of some of your personal information if you are:

  • A client
  • An employee
  • A visitor to our website

Amiqus acts as the data processor of some of your personal information if you are:

  • Subject to an Amiqus check

When subject to an Amiqus check, your professional service adviser – the company or firm requesting the check – is the data controller of your personal information and you should therefore refer to their company privacy policies first.

If you have any questions about the Amiqus privacy policy you are welcome to contact our Data Protection Lead at [email protected], or if you’d like further information about your data rights, the Information Commissioner’s Office provides excellent information.

Who we are

  • Amiqus Resolution Ltd
  • Company Registration Number: SC511150
  • Data Protection Registration Number: ZA136760
  • Company Registered Address: 3rd floor, Citypoint, 65 Haymarket Terrace, Edinburgh, EH12 5HD

In this policy ‘Amiqus’‘we’‘us’ or ‘our’ refers to:

We are an award-winning tech for good company selling software as a service and you can learn more about our team and our values on our website. Privacy is one of our core business values and we take protecting your data very seriously, so if you have any concerns about how we use your data, do not hesitate to contact us at the details below.

Your rights

Under UK data protection law, you have certain rights regarding how any company or organisation holds personally identifying information about you. Personally identifying information is defined as any information that could potentially identify you as an individual, directly or indirectly by reference to an identifier such as a name, email address, national insurance number or details associated with a bank account.

Below we have set out some of the most relevant rights you have in relation to engaging with our business, but, if you would like further information, we recommend consulting the impartial Information Commissioner’s Office.

Right of access

You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process. You can read more about this right here.

Right of rectification

You have the right to ask us to rectify information you think is inaccurate, for example, your email address or other personally identifying information. You also have the right to ask us to complete information you think is incomplete. This right always applies. You can read more about this right here.

Right of erasure

You have the right to ask us to erase your personal information in certain circumstances. You can read more about this right here.

Right to restriction of processing

You have the right to ask us to restrict the processing of your information in certain circumstances. You can read more about this right here.

Right of data portability

If we are processing your personally identifying information (i) based on your consent, or in order to enter into or carry out a contract with you and (ii) the processing is being done by automated means, you have the right to ask us to provide that information to you or another service provider in a machine-readable format. You can read more about this right here.

Right to object to data processing

You have the right to object to your personal data being processed if we are doing this on the lawful basis of legitimate interests. In these circumstances, we will consider your request in relation to our legitimate reasons for continuing to process your information. You have an absolute right to object to direct marketing. If you wish to opt-out of receiving marketing materials from us, please contact us at any time.

Please note that exceptions apply to a number of these rights and not all rights will be applicable in all circumstances, but we will always respond to any request related to your rights within a month. If we are unable to do so, we will inform you of the reasons for the delay. You are not required to pay any charge for exercising your rights.

If you have specific questions, or wish to exercise any of these rights please contact us using the contact details below.

How to contact us

If you have any questions about this privacy policy or wish to exercise your rights please contact us by email, by post or by phone. We look forward to hearing from you.

Data Protection Team
Amiqus Resolution Ltd
3rd floor, Citypoint,
65 Haymarket Terrace,
Edinburgh,
EH12 5HD

0131 5139757
[email protected]

Please note that our Data Protection Officer is Thorntons Law LLP who can be contacted at [email protected]

Our role as a data controller

We act as a data controller, determining the purpose and means of how some of your personally identifiable information is collected, processed and stored in the circumstances listed below. All personally identifiable information is used and held in accordance with our privacy and security policies.

Our role as a data processor

We act as a data processor on behalf of professional service firms, our clients.

If you have been asked to undergo an Amiqus check, your professional service adviser - the company or firm requesting you undertake the check - is the data controller of your personal data and you should therefore refer to their company privacy policies first.

Our clients may instruct us to facilitate Amiqus checks on you which will involve collecting your personal data. When we carry out such Amiqus checks we process personal data in accordance with and for the purpose of with the agreement we have in place with our client. Types of personal data we process during these out Amiqus checks include:

  • name, date of birth, contact details (i.e. phone number and email address), address history, employment vetting and screening data, ID documents (including images of these);
  • special category data (i.e. passport images, photos/videos of your face and political information about you) as part of the Amiqus checks;
  • criminal history check information (i.e. indicative notice of disclosure and client notes about disclosures).

We process such personal data in accordance with this privacy policy, the agreement we have in place with the client, the Data Processing Statement presented to you prior to uploading your information and applicable data protection laws. Amiqus will not process your data for any marketing-related purposes as we are not instructed to do so by the data controller. All data stored by Amiqus is within a primary EU location and backed up by servers located in the UK.

Photo ID verification checks and biometric data

If asked to complete a Photo ID verification check you may be asked to allow access to the camera and microphone on your device. This is to allow you to capture images and/or video of your document and face to fulfil the check.

If our client requires a Facial similarity check as part of a Photo ID verification check, the captured images/or video of your face will be used for facial recognition purposes (i.e. a digital comparison is made between the image/video of your face and your ID documents to recognise and verify it’s you).

If you are required by our client to verify a biometric passport, you will be directed to download the Amiqus mobile app from the Apple App Store or Google Play Store. In the app, you will be asked to allow access to the camera and microphone on your device and to scan the passport’s near-field communication (NFC) chip using your mobile’s NFC scanner. This is to allow you to capture images and/or video of your document and face, as well as verify the data stored in the document’s NFC chip, to fulfil the check. To verify your identification documents and carry out the facial recognition check we use the services of third-party supplier Onfido Limited.

Keeping your information safe

Handling your personal information with respect and transparency is an essential part of upholding your data privacy. At Amiqus, we therefore work to exceed the minimum requirements set by the UK government’s cyber security accreditation scheme Cyber Essentials Plus; we are voluntarily certified by NQA to the ISO/IEC 27001:2013 standard and we are a member of Cisp, the National Cyber Security Centre cyber threat-sharing platform, which provides ongoing analysis, reporting and monitoring of online activity at national level.

When you provide us with personally identifying information, we take steps to ensure that appropriate cybersecurity and organisational controls are in place to protect it. These include:

Data encryption

We encrypt data using industry standard algorithms throughout all verification steps. This means that any data input to our systems for verification is securely sent and received. Data is also encrypted at rest when on our servers.

Access controls

Access to user data is tightly restricted to only the authorised requesting firm with enforced password standards, activity reporting and account throttling. All passwords are hashed using SHA-512 with over 10,000 rounds, and a 32-byte salt of random data.

Please note that you are responsible for keeping any password which enables you to access Amiqus confidential and we recommend that you use the added security of two-factor authentication when accessing any Amiqus account.

Monitoring

All of our web traffic is encrypted over TLS /SSL and protected by Certificate Pinning to prevent man in the middle attacks. Our security team monitor and carry out daily automated vulnerability scanning across all of our systems and infrastructure.

Third parties

We use a number of carefully selected third parties to help provide our services to you. We expect these third parties to uphold security policies that adhere to the same requirements we ourselves impose.

When we use a third-party (a data processor) to process personal data, we enter into a written contract and data processing agreement to ensure that they fulfil the obligations of the data protection law.

If we are requested to share sensitive information by law enforcement, we will do so in accordance with our obligations under UK law.

Security policies

Amiqus has developed a set of security policies for our team and partners. Further information about these security policies can be made available upon request.

Keeping your information up-to-date

We want to ensure all personally identifying information is kept accurate and up-to-date. Should your details change, please do not hesitate to contact us using the contact details above.

Changes to this policy

As our business changes and grows, we reserve the right to update this privacy policy to reflect our most current business practices.

How to complain

Please report any complaint to Amiqus Data Protection Team using the contact details above and we will work to resolve any question or concern that you wish to raise about our use of your information within a reasonable time period.

If we are unable to resolve your complaint, you may contact the Information Commissioner’s Office or by telephone at: 0303 123 1113.

Effective from 24/03/2022 Last reviewed 24/03/2023 Version 2.8