Usage Policy

1.1 Transparency

Customers must clearly inform individuals about the identity verification process, including what information will be collected, how it will be used, and who will have access to it. Transparency builds trust and ensures compliance with POPIA.

• Clearly explain the verification process to users
• Provide accessible privacy notices in plain language
• Disclose data sharing practices with third parties
• Make contact information readily available for privacy inquiries

1.2 Responsible Data Handling

Our customers must handle personal information with the highest level of care and security. This includes implementing appropriate technical and organisational measures to protect against unauthorised access, loss, or misuse.

• Implement robust data security measures
• Limit access to personal information on a need-to-know basis
• Regularly review and update security practices
• Report data breaches promptly to affected individuals and authorities

1.3 Privacy by Design

Privacy considerations must be integrated into all verification processes from the outset. This means collecting only necessary information, minimising data retention, and providing individuals with meaningful control over their personal information.

• Collect only data necessary for the stated purpose
• Implement data minimisation practices
• Enable user control over personal information
• Design systems with privacy safeguards built-in

2.1 Mandatory Disclosure

Individuals must be informed about the following before their personal information is collected or processed:

• The purpose of identity verification
• Types of documents and biometric data to be collected
• How personal information will be processed and stored
• Who will have access to the information
• Data retention periods
• Rights to access, correct, or delete personal information
• Contact details for privacy-related inquiries

2.2 Biometric Data Collection

Special care must be taken when collecting biometric data, including facial images and document scans. Users must be explicitly informed about:

• The requirement to provide a "live selfie" or photograph
• How facial recognition technology will be used
• Whether biometric templates will be stored or processed
• Security measures protecting biometric data

2.3 Sample Consent Language

We recommend using clear, accessible language when obtaining consent. Here are sample consent statements in English and Afrikaans:

3.1 South African Law Compliance

All customers operating in South Africa must comply with applicable local laws, including but not limited to:

• Protection of Personal Information Act (POPIA): Comprehensive data protection requirements
• Financial Intelligence Centre Act (FICA): KYC and AML compliance obligations
• Electronic Communications and Transactions Act (ECTA): Electronic document requirements
• Promotion of Access to Information Act (PAIA): Information access rights
• Consumer Protection Act (CPA): Consumer rights and fair business practices

3.2 International Operations

Customers operating across multiple jurisdictions must ensure compliance with all applicable data protection and privacy laws in each jurisdiction where they collect or process personal information.

• Research and comply with local data protection requirements
• Implement appropriate cross-border data transfer mechanisms
• Respect varying consent and notice requirements
• Maintain documentation of legal compliance efforts

3.3 Regulatory Cooperation

Customers must cooperate with regulatory authorities and law enforcement agencies as required by law, while maintaining appropriate protections for personal information.

4.1 Minimum Age Requirements

Verify Now services must not be used to collect or process personal information from individuals under the age of 18 without appropriate parental consent. Special protections apply to children's personal information.

4.2 Detection and Response

If customers discover that personal information has been collected from a minor without proper consent, they must:

• Immediately notify Verify Now of the incident
• Cease all processing of the minor's personal information
• Securely delete the information unless retention is required by law
• Implement measures to prevent future incidents
• Report the incident to parents/guardians and relevant authorities as required

4.3 Parental Rights

Parents and guardians have enhanced rights regarding their children's personal information, including the right to access, correct, and request deletion of their child's information at any time.

5.1 Security Requirements

Customers must implement appropriate technical and organisational measures to protect personal information processed through Verify Now services:

• Encryption of personal data in transit and at rest
• Access controls and authentication measures
• Regular security assessments and updates
• Staff training on data protection practices
• Incident response and breach notification procedures

5.2 Breach Notification

In the event of a personal data breach, customers must notify Verify Now within 24 hours and affected individuals within 72 hours, in accordance with POPIA requirements.

7.1 Regular Audits

Verify Now reserves the right to conduct periodic audits of customer practices to ensure compliance with this Usage Policy and applicable data protection laws.

7.2 Violation Response

Violations of this Usage Policy may result in:

• Warning notices and required corrective action
• Suspension of services pending remediation
• Termination of customer relationship
• Reporting to relevant regulatory authorities