Privacy Policy

Definitions

Otem is part of Edusensys Ltd which is registered in England & Wales under company number 11339126. Edusensys Ltd which is registered with the Information Commissioner's Office under registration reference ZA637097. 

“GDPR” means the General Data Protection Regulation (Regulation (EU) 2016/679);

“Personal Data” means information that can be used to uniquely identify a single person;

“Website” means the website at otem.co.uk or otem.uk

1. OUR APPROACH TO PRIVACY

Otem (“Otem,” “we,” “our,” or “us”) is committed to protecting your privacy.

Otem provides web and/or mobile software and services to vet and verify the identities and credentials of individuals (the “Service”) which are deployed on the third party sites belonging to our customers (“Customers”).

This Privacy Policy explains how we collect, use, and disclose data that identifies or is associated with you (“personal information”) when you visit our website (www.otem.co.uk) (“Site”) or use the Service (collectively, our “Otem Services”).

This Privacy Policy applies to the information we collect from visitors to our Site (“Visitor Data”), information we collect about our customers (“Customer Data”), and the information we collect from our users when the user interacts with the Service on one of our Customers’ websites (“User Data”).

Before accessing or using our Otem Services, please ensure that you have read and understood our collection, storage, use, and disclosure of your personal information as described in this Privacy Policy and our Website Terms of Use (governing your use of the Site) and User Terms of Service (governing your use of the Service).

With the exception of certain categories of User Data (as detailed in section 2 below), Otem is the controller responsible for the personal information we hold about you. If you have a question about this Privacy Policy or how we use information collected about you, we encourage you to contact us using the details set out in section 10 below.

2. WHAT INFORMATION DO WE COLLECT AND FOR WHAT PURPOSE?

Customer Data

We collect personal information when you voluntarily submit information to us. This can include information you provide to us when you register for a Customer account, fill in a form, respond to surveys, sign up for our mailing list, or otherwise communicate with us or provide information to Otem.

If you choose not to provide personal information, we will not be able to provide you the Service or respond to or fulfil your other requests.

The table below sets out the categories of personal information we collect about you and how we use that information. The table also lists the legal basis which we rely on to process the personal information.

Category of information

How we use it

Legal basis for processing

Contact information and basic personal details. Such as your name, phone number, physical address, email address.

We use this information to operate, maintain and provide to you the features and functionality of the Service.

The processing is necessary for the performance of a contract and to take steps prior to entering into a contract (namely the SaaS Services Agreement between Customer and Otem).

We use this information to communicate directly with you to respond to your queries (for example, support requests) and to send Service-related emails (for example, account verification, change or updates to features of the Service, or technical and security notices).

This processing is necessary for our legitimate interests, namely, administering the Service and communicating with you in connection with the Service.

We use this information to send you news, alerts and marketing communications in accordance with your preferences.

We will only process your personal information in this way to the extent you have given us consent to do so.

Payment and transaction information. Payment information, such as the credit or debit card details; transaction information such as the Service purchased, date and time of the transaction.

We use this information to facilitate transactions. Note we use a third party payment provider that collects your credit or debit card details on our behalf; we do not store that information.

The processing is necessary for the performance of a contract and to take steps prior to entering into a contract (namely the SaaS Services Agreement between Customer and Otem).

Correspondence and comments. When you contact us directly, e.g. by email, phone, mail, when you respond to customer surveys or when you interact with customer service, we will record your comments and opinions.

To address your questions, issues and concerns and to resolve your customer service issues.

This processing is necessary for our legitimate interests, namely, administering the Service and communicating with you in connection with the Service.

All personal information set out above.

We will use all the personal information we collect to operate, maintain and provide to you the features and functionality of the Service, to monitor and improve the Service and business and to help us develop new products and services.

The processing is necessary for our legitimate interests, namely to administer and improve the Service and our business.

User Data

Information you submit and that we receive from third parties

We collect personal information from you when you submit information to the Service when it is deployed on a Customer site or when a Customer provides a direct link to the Service. The information we collect could include your name, date of birth, phone number, email address, photo of your driver license, street address, and other identification documents or indicators. We use this information to operate, maintain and provide the features and functionality of the Service, including to verify your identity on our Customer sites.

We may also ask you to provide one or more photos of yourself at the request of our Customer. Otem uses facial recognition technology for verification and fraud detection purposes. Face geometry data will be used to match the photo on your identity document with the photo(s) taken of yourself. This face geometry data will be destroyed when the information is no longer needed for verification and fraud detection purposes, or within 3 years of your last interaction with our Customer, whichever comes first.

We may receive information about you from third parties, including from our Customers when they provide us with information about you. We may also collect information about you that is publicly available on behalf of our Customers.

Please note that the Customer (on whose site the Service is deployed or that has provided you with a direct link to the Service) is the controller of this personal information.

Information we collect automatically

We also collect information automatically about the way in which you use the Service deployed on the Customer site (“Service Usage Data”). We are the controller of the Service Usage Data. The table below sets out the Service Usage Data, how we use it and the corresponding leg

Category of information

How we use it

Legal basis for processing

Information about your device and its software, such as your IP address, browser type, Internet service provider, device type/model/manufacturer, operating system, date and time stamp, and other such information.

We use this information to monitor and improve the Service, and for other internal purposes.

The processing is necessary for our legitimate interests, namely to improve our Service generally, to monitor and resolve issues and for other internal purposes.

Information about the way you access and use the Service, for example, for example, what options you choose, the number of attempts you make, how much time it takes you, and other actions you take while using the Service.

We use this information to monitor and improve the Service, and for other internal purposes.

The processing is necessary for our legitimate interests, namely to improve our Service generally, to monitor and resolve issues and for other internal purposes.

Information about your location, including GPS coordinates (e.g., latitude and/or longitude) or similar information regarding the location of your mobile device, or we may be able to approximate or infer a device’s location by analyzing other information, like an IP address.

We use this information to present the Service to you on your device and to enhance and personalize your experience on the Service.

The processing is necessary for our legitimate interests, namely to tailor the Service to you.

We use this information to monitor and improve the Service, and for other internal purposes.

The processing is necessary for our legitimate interests, namely to improve our Service generally, to monitor and resolve issues and for other internal purposes.

Visitor Data

We automatically collect information about how you use and browse our Site and the device you use to access the Site. We typically collect this information through a variety of cookies and similar technologies, including web beacons, embedded scripts, location-identifying technologies, and file information. Please refer to section 3 below for more information on cookies and other tracking technologies that we use.

The table below sets out the categories of personal information we collect about you automatically and how we use that information. The table also lists the legal basis which we rely on to process the personal information.

Category of information

How we use it

Legal basis for processing

Information about your device and its software, such as your IP address, browser type, Internet service provider, device type/model/manufacturer, operating system, date and time stamp, and other such information.

We use this information to present the Site to you on your device and to enhance and personalize your experience on the Site.

The processing is necessary for our legitimate interests, namely to tailor the Site to you.

We use this information to monitor and improve the Site, and for other internal purposes

The processing is necessary for our legitimate interests, namely to improve our Site generally, to monitor and resolve issues and for other internal purposes.

Information about the way you access and use our Site, for example, the site from which you came and the site to which you are going when you leave our Site, the pages you visit, the links you click, whether you open emails or click the links contained in emails, whether you access the Site from multiple devices, and other actions you take on the Site.

We use this information to present the Site to you on your device and to enhance and personalize your experience on the Site.

The processing is necessary for our legitimate interests, namely to tailor the Site to you.

We use this information to monitor and improve the Site, and for other internal purposes

The processing is necessary for our legitimate interests, namely to improve our Site generally, to monitor and resolve issues and for other internal purposes.

Information about your location, including GPS coordinates (e.g., latitude and/or longitude) or similar information regarding the location of your mobile device, or we may be able to approximate or infer a device’s location by analyzing other information, like an IP address.

We use this information to present the Site to you on your device and to enhance and personalize your experience on the Site.

The processing is necessary for our legitimate interests, namely to tailor the Site to you.

We use this information to monitor and improve the Site, and for other internal purposes

The processing is necessary for our legitimate interests, namely to improve our Site generally, to monitor and resolve issues and for other internal purposes.

3. COOKIES AND OTHER TRACKING TECHNOLOGIES

We use cookies and similar technologies to provide you with a good experience when using the Otem website and to allow us to improve the Otem services. A cookie is a small data file that we transfer to your computer's hard disk for record-keeping purposes. We use the following types of cookies:

  • Strictly necessary cookies. These are cookies that are required for the operation of the Otem Services. They include, for example, cookies that enable you to log into secure areas.

  • Analytical/performance cookies. They allow us to recognise and count the number of visitors/users and to see how visitors/users move around the Otem Services when they are using them. This helps us to improve the Otem Services, for example, by ensuring that visitors/users are finding what they are looking for easily. We may use third-party analytics tools such as Google Analytics, to help us measure traffic and usage trends for the Otem Services and to understand more about the demographics of our visitors/users. You can learn more about Google’s practices at https://www.google.com/policies/privacy/partners , and view its currently available opt-out options at https://tools.google.com/dlpage/gaoptout .

  • Functionality cookies. These are used to recognise you when you return to the Otem Services. This enables us, for example, to personalise our content for you, greet you by name and remember your preferences (such as your choice of language or region).

The cookies we use are designed to help you get the most from the Otem Services but if you do not wish to receive cookies, most browsers allow you to change your cookie settings. Please note that if you choose to refuse cookies you may not be able to use the full functionality of the Otem Services. These settings will typically be found in the "options" or "preferences" menu of your browser. In order to understand these settings, the following links may be helpful, otherwise you should use the "Help" option in your browser for more details.

If you would like to find out more about cookies and other similar technologies, please visit www.allaboutcookies.org or www.aboutcookies.org 

Although we do our best to honor the privacy preferences of our users, we are unable to respond to Do Not Track signals set by your browser at this time.

4. SHARING OF YOUR INFORMATION

We may share your personal information in the instances described below. For further information on your choices regarding your information, see the “Control Over Your Information” section below.

We may share User Data with:

  • The Customer when you interact with the Service deployed on that Customer’s site or service. We may share all or a portion of your personal information with the Customer, which may include your name, date of birth, phone number, email address, driver license information/documents and other identity information you provide. In some instances, we may only share Verification Results with the Customer with no other personal information about you. Otem is not responsible for how the Customers that users choose to share their personal information with use and share that information. Otem is not responsible for the sites and services provided by our Customers. We recommend reviewing the Customer’s privacy policy and terms before providing personal information to the Customer.

We may share all personal information that we collect with:

  • Third-party vendors and other service providers that perform services on our behalf, as needed to carry out their work for us, which may include hosting, payment processing, email, phone, and other risk service providers.

  • Other companies and brands owned or controlled by Otem and other companies owned by or under common ownership as Otem, which also includes our subsidiaries (i.e., any organization we own or control) or our ultimate holding company (i.e., any organization that owns or controls us) and any subsidiaries it owns. These companies will use your personal information in the same way as we can under this Privacy Policy.

  • Other parties in connection with a company transaction, such as a merger, sale of company assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business by another company or third party, or in the event of a bankruptcy or related or similar proceedings.

  • Third parties as required by law or subpoena or if we reasonably believe that such action is necessary to (a) comply with the law and the reasonable requests of law enforcement; (b) to enforce our Website Terms of Use and User Terms of Serviceor to protect the security or integrity of the Otem Services; and/or (c) to exercise or protect the rights, property, or personal safety of Otem, our visitors, or others.

We may also share information with others in an aggregated or otherwise anonymized form that does not reasonably identify you directly as an individual.

5. CONTROL OVER YOUR INFORMATION

Modifying Customer account information. If you have an account with us, you have the ability to modify certain information in your account (e.g., your contact information) through your “Account” settings. If you have any questions about modifying or updating any information in your account, please contact us at privacy@otem.co.uk

Accessing and modifying User Data. You may update the User Data that Otem has collected from or about you, such as you name, mobile phone number and email address by contacting the Customer through which it was provided. Should you be unable to do so, please email us at privacy@otem.co.uk

6. HOW WE STORE AND PROTECT YOUR INFORMATION

Data storage and transfer: Your information collected through the Otem Services may be stored and processed in the United Kingdom or any other country in which Otem or its affiliates or service providers maintain facilities. If you are located in the European Union or other regions with laws governing data collection and use that may differ from UK law, please note that we may transfer information, including personal information, to a country and jurisdiction that does not have the same data protection laws as your jurisdiction, including the UK or any other country in which Otem or its parent, subsidiaries, affiliates, or service providers maintain facilities. These international transfers of your personal information are made pursuant the appropriate safeguards (such as the standard data protection clauses adopted by the European Commission). If you wish to enquire further about these safeguards, please contact us using the details set out at section 10 below.

Keeping your information safe:  We care about the security of your information and employ physical, administrative, and technological safeguards designed to preserve the integrity and security of all information collected through the Otem Services. However, no security system is impenetrable, and we cannot guarantee the security of our systems 100%. In the event that any information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and, where appropriate, notify those individuals whose information may have been compromised and take other steps, in accordance with any applicable laws and regulations.

Retention of your information. We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of our legitimate business interests and satisfying any legal or reporting requirements.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and the applicable legal requirements.

7. YOUR RIGHTS IN RESPECT OF YOUR PERSONAL INFORMATION

In accordance with applicable privacy law, if you are in the UK, Switzerland or the EU/EEA  you have the following rights in respect of personal information that we hold about you contained in the Customer Data, Visitor Data and, to the extent we act as a controller (as described in section 2 above), the User Data:

  • Right of access. You have the right to obtain access to your personal information along with certain information.

  • Right of portability. You have the right, in certain circumstances, to receive a copy of the personal information you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal data to another person.

  • Right to rectification. You have the right to obtain rectification of any inaccurate or incomplete personal information we hold about you without undue delay.

  • Right to erasure. You have the right, in some circumstances, to require us to erase your personal information without undue delay if the continued processing of that personal information is not justified.

  • Right to restriction. You have the right, in some circumstances, to require us to limit the purposes for which we process your personal information if the continued processing of the personal information in this way is not justified, such as where the accuracy of the personal information is contested by you.

  • Right to object. You have a right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. There may be compelling reasons for continuing to process your personal information, and we will assess and inform you if that is the case. You can object to marketing activities for any reason.

If you wish to exercise one of these rights, please contact us as privacy@otem.co.uk

You also have the right to lodge a complaint to your national data protection authority. Further information about how to contact your local data protection authority is available at https://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

Residents in other jurisdictions may also have similar rights to the above. Please contact us using the contact details at section 10 below if you would like to exercise one of these rights, and we will comply with any request to the extent required under applicable law.

8. CHILDREN’S PRIVACY

Otem does not knowingly collect or solicit any information from anyone under the age of 16 on the Otem Services. In the event that we learn that we have inadvertently collected personal information from a child under age 16, we will delete that information as quickly as possible. If you believe that we might have any information from a child under 16, please contact us at privacy@otem.co.uk

9. LINKS TO OTHER WEBSITES AND SERVICES

The Otem Services may contain links to and from third-party websites of our business partners, advertisers, and social media sites and our users may post links to third-party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for their policies. We strongly recommend that you read their privacy policies and terms and conditions of use to understand how they collect, use, and share information. We are not responsible for the privacy practices or the content on the websites of third-party sites.

10. HOW TO CONTACT US

If you have any questions about this Privacy Policy or the Otem Services, please contact us at privacy@otem.co.uk

11. CHANGES TO OUR PRIVACY POLICY

We may modify or update this Privacy Policy from time to time to reflect the changes in our business and practices, so you should review this page periodically. When we change the policy in a material manner, we will let you know and update the ‘last modified’ date at the bottom of this page. If you object to any changes, you may close your account. Continuing to use the Otem Services after we publish changes to this Privacy Policy means that you are consenting to the changes.

Acceptance of this Policy

By using the Website you signify your acceptance of this Privacy Policy. If you do not accept this Policy, you should leave the Website. Otem may change this Privacy Policy at any time by posting a revised version via the Privacy Policy links on the Website. We recommend that you frequently check for updates. Continued use of the Website following the posting of any changes will signify your acceptance of those changes.

Our commitment to privacy and security

  • User-submitted data is encrypted both in transit and at rest and stored securely on Google Cloud Platform

  • Our customers set data retention policies and specify how long to keep data before it is permanently deleted from our servers.

  • All Otem employees undergo background checks prior to being hired and are trained on security best practices during onboarding.

  • Our internal dashboards provide Role Based Access Controls (RBAC) to limit access following the principle of least privilege. 

  • We undergo regular security assessments and penetration tests by third-party auditors and security experts.

Otem helps businesses validate your identity online.
Otem is an identity verification and fraud deterrence platform headquartered in the United Kingdom. Images of your photo ID and your selfie image will be securely processed and stored by Otem on our customers’ behalf. Only a limited number of individuals will have access to review any user-submitted data for the purpose of verifying user identity online.

Otem does not sell any user-submitted data.
Our customers set data retention policies and specify how long to keep data before it is permanently deleted from our systems. Otem uses Google Cloud Platform to store your data which is encrypted both in transit and at rest. Otem maintains a robust security policy.

Contact Security

If you believe you’ve found a security vulnerability in Otem, please get in touch at privacy@otem.co.uk

We will get back to you as quickly as possible. We ask that you do not publicly disclose the issue until it has been addressed by Otem.

Ready to dive in?Try your first onboarding for free