Our approach
We value your data privacy.
Whether you’re streaming a movie on your smartphone or buying groceries from your web browser, your personal information – from your email address to your credit card details – is being held and processed by more and more companies and organisations online. This means we can all enjoy faster, more convenient and cost-effective services, but it also means your information can be vulnerable to theft or misuse.
When it comes to online services and transactions, there is no such thing as a foolproof cyber security plan, but the risk of data loss or theft can be significantly reduced through the diligent implementation of risk-based business practices; including investing in suitable staff training and IT infrastructure, as well as submitting to regular independent IT and data protection audits. Not every company, however, has the same level of cyber security in place, which is why the UK Data Protection Act 2018 which implemented the EU General Data Protection Regulation (GDPR), gave individuals new and enhanced rights over how their personal information is used, as well as new responsibilities to the companies handling your data.
At Amiqus, we provide software as a service and so we must adhere to strict rules about how we collect, handle and store your personal information. Our team has chosen to make privacy a core value of our business practice and, therefore, upholding your privacy and protecting your personal data will always be our priority.
Definitions
When reading our Amiqus privacy policy, it may be useful to note that the law differentiates between a data controller, an organisation that determines the purposes and means by which your personal data is processed, and a data processor, an organisation that processes data on behalf of the controller.
Amiqus acts as the data controller of some of your personal information if you are:
- A client
- An employee
- A visitor to our website
Amiqus acts as the data processor of some of your personal information if you are:
- Subject to an Amiqus check
When subject to an Amiqus check, your professional service adviser – the company or firm requesting the check – is the data controller of your personal information and you should therefore refer to their company privacy policies first.
If you have any questions about the Amiqus privacy policy you are welcome to contact our Data Protection Lead at [email protected], or if you’d like further information about your data rights, the Information Commissioner’s Office provides excellent information.
Who we are
- Amiqus Resolution Ltd
- Company Registration Number: SC511150
- Data Protection Registration Number: ZA136760
- Company Registered Address: 3rd floor, Citypoint, 65 Haymarket Terrace, Edinburgh, EH12 5HD
In this policy ‘Amiqus’, ‘we’, ‘us’ or ‘our’ refers to:
We are an award-winning tech for good company selling software as a service and you can learn more about our team and our values on our website. Privacy is one of our core business values and we take protecting your data very seriously, so if you have any concerns about how we use your data, do not hesitate to contact us at the details below.
Your rights
Under UK data protection law, you have certain rights regarding how any company or organisation holds personally identifying information about you. Personally identifying information is defined as any information that could potentially identify you as an individual, directly or indirectly by reference to an identifier such as a name, email address, national insurance number or details associated with a bank account.
Below we have set out some of the most relevant rights you have in relation to engaging with our business, but, if you would like further information, we recommend consulting the impartial Information Commissioner’s Office.
Right of access
You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process. You can read more about this right here.
Right of rectification
You have the right to ask us to rectify information you think is inaccurate, for example, your email address or other personally identifying information. You also have the right to ask us to complete information you think is incomplete. This right always applies. You can read more about this right here.
Right of erasure
You have the right to ask us to erase your personal information in certain circumstances. You can read more about this right here.
Right to restriction of processing
You have the right to ask us to restrict the processing of your information in certain circumstances. You can read more about this right here.
Right of data portability
If we are processing your personally identifying information (i) based on your consent, or in order to enter into or carry out a contract with you and (ii) the processing is being done by automated means, you have the right to ask us to provide that information to you or another service provider in a machine-readable format. You can read more about this right here.
Right to object to data processing
You have the right to object to your personal data being processed if we are doing this on the lawful basis of legitimate interests. In these circumstances, we will consider your request in relation to our legitimate reasons for continuing to process your information. You have an absolute right to object to direct marketing. If you wish to opt-out of receiving marketing materials from us, please contact us at any time.
Please note that exceptions apply to a number of these rights and not all rights will be applicable in all circumstances, but we will always respond to any request related to your rights within a month. If we are unable to do so, we will inform you of the reasons for the delay. You are not required to pay any charge for exercising your rights.
If you have specific questions, or wish to exercise any of these rights please contact us using the contact details below.
How to contact us
If you have any questions about this privacy policy or wish to exercise your rights please contact us by email, by post or by phone. We look forward to hearing from you.
Data Protection Team
Amiqus Resolution Ltd
3rd floor, Citypoint,
65 Haymarket Terrace,
Edinburgh,
EH12 5HD
0131 5139757
[email protected]
Please note that our Data Protection Officer is Thorntons Law LLP who can be contacted at [email protected]
Our role as a data controller
We act as a data controller, determining the purpose and means of how some of your personally identifiable information is collected, processed and stored in the circumstances listed below. All personally identifiable information is used and held in accordance with our privacy and security policies.
For visitors to Amiqus websites and app
Amiqus will collect usage data such as IP address, length of visit and referral source, you cannot be identified from this information and it is only used to assist us in providing an effective service.
For Amiqus clients: the registered users of Amiqus
Amiqus will collect account data such as name and email address, with the source of this data being you for the purpose of operating our website, providing our services and maintaining back-ups of our databases and communication with you. The legal basis for this processing is primarily for the performance of any contract between yourself and Amiqus or taking steps at your request to enter into such a contract.
For Amiqus job applicants
Amiqus will collect personal information including but not limited to name, address, date of birth, professional qualifications and pre employment checks. Additionally, sensitive information including but not limited to marital status, nationality and gender will also be collected. We do this to comply with our legal obligations with regards to hiring and in line with the GDPR legal bases of consent and/or contract.
For Amiqus employment referees
Amiqus will collect information such as your name, company, your position held and relationship to the applicant. Additionally, we will ask for a contact number/ email address in relation to your role as voluntary referee throughout the application process. Confirming certain details of an applicant’s employment history with their consent is an essential part of our due diligence before offering a contract of employment.
For Amiqus employees
Amiqus will collect personally identifiable information and unique identifiers such as NI number, as well as sensitive and special category of personal information in compliance with legal requirements. We use this information for the administration of your employment contract, career progression and well-being.
Amiqus referral scheme
An individual has recently completed an Amiqus request, and provided us with your name and business email address to let you know about Amiqus’ services via our referral scheme.
For subscribers to Amiqus marketing
Amiqus will collect and process information you have chosen to provide us when signing up to receive updates.
Our role as a data processor
We act as a data processor on behalf of professional service firms, our clients.
If you have been asked to undergo an Amiqus check, your professional service adviser - the company or firm requesting you undertake the check - is the data controller of your personal data and you should therefore refer to their company privacy policies first.
Our clients may instruct us to facilitate Amiqus checks on you which will involve collecting your personal data. When we carry out such Amiqus checks we process personal data in accordance with and for the purpose of with the agreement we have in place with our client. Types of personal data we process during these out Amiqus checks include:
- name, date of birth, contact details (i.e. phone number and email address), address history, employment vetting and screening data, ID documents (including images of these);
- special category data (i.e. passport images, photos/videos of your face and political information about you) as part of the Amiqus checks;
- criminal history check information (i.e. indicative notice of disclosure and client notes about disclosures).
We process such personal data in accordance with this privacy policy, the agreement we have in place with the client, the Data Processing Statement presented to you prior to uploading your information and applicable data protection laws. Amiqus will not process your data for any marketing-related purposes as we are not instructed to do so by the data controller. All data stored by Amiqus is within a primary EU location and backed up by servers located in the UK.
Photo ID verification checks and biometric data
If asked to complete a Photo ID verification check you may be asked to allow access to the camera and microphone on your device. This is to allow you to capture images and/or video of your document and face to fulfil the check.
If our client requires a Facial similarity check as part of a Photo ID verification check, the captured images/or video of your face will be used for facial recognition purposes (i.e. a digital comparison is made between the image/video of your face and your ID documents to recognise and verify it’s you).
If you are required by our client to verify a biometric passport, you will be directed to download the Amiqus mobile app from the Apple App Store or Google Play Store. In the app, you will be asked to allow access to the camera and microphone on your device and to scan the passport’s near-field communication (NFC) chip using your mobile’s NFC scanner. This is to allow you to capture images and/or video of your document and face, as well as verify the data stored in the document’s NFC chip, to fulfil the check. To verify your identification documents and carry out the facial recognition check we use the services of third-party supplier Onfido Limited.
Keeping your information safe
Handling your personal information with respect and transparency is an essential part of upholding your data privacy. At Amiqus, we therefore work to exceed the minimum requirements set by the UK government’s cyber security accreditation scheme Cyber Essentials Plus; we are voluntarily certified by NQA to the ISO/IEC 27001:2013 standard and we are a member of Cisp, the National Cyber Security Centre cyber threat-sharing platform, which provides ongoing analysis, reporting and monitoring of online activity at national level.
When you provide us with personally identifying information, we take steps to ensure that appropriate cybersecurity and organisational controls are in place to protect it. These include:
Data encryption
We encrypt data using industry standard algorithms throughout all verification steps. This means that any data input to our systems for verification is securely sent and received. Data is also encrypted at rest when on our servers.
Access controls
Access to user data is tightly restricted to only the authorised requesting firm with enforced password standards, activity reporting and account throttling. All passwords are hashed using SHA-512 with over 10,000 rounds, and a 32-byte salt of random data.
Please note that you are responsible for keeping any password which enables you to access Amiqus confidential and we recommend that you use the added security of two-factor authentication when accessing any Amiqus account.
Monitoring
All of our web traffic is encrypted over TLS /SSL and protected by Certificate Pinning to prevent man in the middle attacks. Our security team monitor and carry out daily automated vulnerability scanning across all of our systems and infrastructure.
Third parties
We use a number of carefully selected third parties to help provide our services to you. We expect these third parties to uphold security policies that adhere to the same requirements we ourselves impose.
When we use a third-party (a data processor) to process personal data, we enter into a written contract and data processing agreement to ensure that they fulfil the obligations of the data protection law.
If we are requested to share sensitive information by law enforcement, we will do so in accordance with our obligations under UK law.
Security policies
Amiqus has developed a set of security policies for our team and partners. Further information about these security policies can be made available upon request.
Keeping your information up-to-date
We want to ensure all personally identifying information is kept accurate and up-to-date. Should your details change, please do not hesitate to contact us using the contact details above.
Changes to this policy
As our business changes and grows, we reserve the right to update this privacy policy to reflect our most current business practices.
How to complain
Please report any complaint to Amiqus Data Protection Team using the contact details above and we will work to resolve any question or concern that you wish to raise about our use of your information within a reasonable time period.
If we are unable to resolve your complaint, you may contact the Information Commissioner’s Office or by telephone at: 0303 123 1113.