Privacy Policy
Introduction
Last updated: 22 August 2023
This Privacy Policy explains how Simprints Technology Ltd (henceforth Simprints) collects, handles, and stores your personal data as applicable to our Services, including this website. We are profoundly committed to being transparent, open, and ethical in our practices.
Simprints has customizable Privacy Notices inbuilt into our Simprints ID (SID) mobile application that Controllers can upload and amend as appropriate.
Definitions
In this Privacy Policy, a reference to:
‘Controller’ means “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of person data” as per UK GDPR Article 4(7)
‘Funder’ means any person or entity providing financial support to our Services
‘Our’ means belonging to Simprints
‘Partner’ means any person or entity that Simprints has an agreement or collaborates with either in-country or at an international level
‘Processor’ means the “natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller” as per UK GDPR Article 4(8)
‘User’ means any person who has login credentials to our SID mobile application or who deploys either our Vero 1.0 or Vero 2.0 devices
‘We’ means any intern, consultant, part-time employee, or full-time employee at Simprints
‘You’ means including, but not limited to either a Beneficiary, Employee, Funder, Partner, SID Data Subject, User, or Visitor, as applicable.
Children - A Note to Parents, Legal Guardians, and Caregivers
Unless permitted by applicable law or consent has been given with clear affirmative action by parents, legal guardians, or caregivers, you must not permit any child under the age of 13 to access Simprints’ services.
If Simprints in its capacity as Controller learns that a minor has submitted personal data without consent from a parent, legal guardian, or caregiver, we will attempt to locate and delete the information within 30 days.
What Information Do We Collect and Process?
This may vary depending upon the project and its nature; the Controller’s identity will always be communicated to you as part of the consent statement, privacy notice, or other material given to you when you provide us with personal data. Regardless of our role, we take our responsibilities very seriously in protecting the privacy, confidentiality, and security of your personal data. We do not collect more personal data than we have to and will always have a valid reason and lawful basis for processing.
Data That We Control Where Simprints is the Controller, we will only collect and use your personal data in line with the original purpose. We strictly adhere to the data minimization principle and will not collect more personal information than we have to.
Simprints will verbally and in writing provide you with a Service-specific Privacy Notice at the point of in-person data collection. This will include the identity and role of any third parties involved in the project you are engaging with. Other than those partners (and our service providers) identified in these Service-specific Privacy Notices or this document, we will never share your personal data without your consent (unless required to by law) nor will we sell your information onto a third party.
Data Retention Period For Data That We Control Simprints will not retain your personal data for longer than is strictly necessary for us to achieve our original purpose unless required to by law. The data retention period and its criteria are dependent on the types of personal data, sensitivity, potential risks and the purpose for which it was provided.
Your personal data may be deleted before the data retention period if we receive a formal request for data deletion and that you have withdrawn consent for any future communication from Simprints.
Lawful Basis For Data That We Control
Depending upon the data we collect from you, Simprints and / or its partner may use a variety of routes in law - the ‘Lawful Basis’ - to process data that relates to you. This section outlines when these may be used.
General Information Lawful Basis: Consent or Legitimate Interests For example, Simprints may collect your personal data as part of your access and use of its Website, social media platforms, SID mobile application, Vero 1.0 or Vero 2.0 scanners, conversations or correspondence with its Employees, events registration, Simprints’ subscriptions such as external newsletters or publications, as well as information collected as part of a complaints mechanism or inquiry.
This may include, but is not limited to information such as your first and last name, email address, location data, SID metadata, consent, or cookie preferences. For detailed information on the cookies we use on our Website and their purposes, please see our Cookie Policy below.
Where Legitimate Interest is the basis chosen for this data, it will be for the Interest of undertaking Simprints’ various program activities in order to further work in Public Health, Development, and Sustainable Development Goals, and other commercial, research, and partnership objectives supporting this work.
Biometric Information Lawful Basis: Legitimate Interests or Public Task
Biometric data is more sensitive and therefore warrants extra protection in addition to a Separate Condition for Processing. Please see below:
| Special Condition for Processing | Purpose |
|---|---|
Health or Social Care | Some 850 million people are invisible in the eyes of the economy as they have no formal type of identification. Simprints can actively enrol individuals giving them a biometric ID, which helps them unlock access to life-saving healthcare treatment and services, as well as accurately identifying and verifying their identity in the future. This may for example include Maternal and Child Health Services. |
Public Health | Simprints is dedicated to strengthening areas of public health, especially serious cross-border threats to health such as malaria. With the new malaria vaccine for children, Simprints can help partners verify the delivery of vaccines and strengthen healthcare systems. |
Archiving, Research and Statistics | Simprints conducts research in order to improve service delivery and help strengthen technology for development efforts. |
Simprints SID mobile application and Vero 1.0 and Vero 2.0 scanners allow us to collect either / both biometric templates or / and images. We will always ask for your consent and inform you verbally and in writing in our Privacy Notice about what data is being collected, what our purpose and separate conditions for processing are, what our data retention period is, where we are storing your data, who our Sub-processors are, as well as your rights.
Where Simprints is the Controller, we will always give you the option of an alternative form of identification if you do not consent to your biometric information being taken, ensuring you can access essential services and programs.
Where Legitimate Interest is the basis chosen for this data, it will be for the Interest of undertaking Simprints’ various program activities in order to further work in Public Health, Development, and Sustainable Development Goals, and other commercial, research, and partnership objectives supporting this work - in particular, where the objectives of the project cannot be met without using biometric information which identifies the participants in question.
Financial Information Lawful Basis: Legitimate Interests Simprints relies on legitimate interest as its lawful basis to collect, process, and store business / financial information on our Partners, Funders, Sub-Processors, or Suppliers in order to be able to pay the entities or be paid by them for our Services. This may include, but is not limited to details of bank accounts and company representatives.
Recruitment and Employee Information Lawful Basis: Consent, Contract, or Legal Obligation Simprints holds personal data on past, current, and future employees in order to enter into employment contracts or because we have legal obligations to hold it for taxation purposes. This may include, but is not limited to education and previous employment details, proof of income, contact details, and details supporting mitigating circumstances.
Where Legitimate Interest is the basis chosen for this data, it will be for the Interest of undertaking Simprints’ various commercial, research, business, and partnership objectives supporting its work to further the implementation of the Sustainable Development Goals and undertake other programmatic work supporting the treatment of preventable health conditions, implementation of humanitarian aid or development assistance.
Data That We Process
Where Simprints is the Processor, we will only act on behalf of the written instructions of the Controller. Simprints is not responsible for how the Controller handles personal information collected through our Services, including compliance with UK GDPR or applicable law.
Metadata about ongoing projects may be used in either aggregated, pseudonymized or tokenized formats with the permission of the Controller. At the end of projects, this Metadata may be anonymised and used internally by Simprints to improve our Services.
How Do We Protect and Store Your Data?
Simprints is a registered UK-based entity and is therefore subject to the Data Protection Act 2018 and the UK GDPR, which regulate various aspects of its processing, including the security of processing. We take the security of your data very seriously, and implement an Information Security Management System which ensures that we apply the right controls - including independent security testing and encryption - which safeguard your data.
Our service providers such as Google have been certified compliant with ISO/IEC 27018 for Google Workspace and Google Cloud and meet high international standards.
Special category data, specifically the biometric data is encrypted end-to-end. Biometric data sent to our cloud for storage where only an authorized number of Simprints Employees have access. Data Transfers Simprints’ main information systems are located within either the USA (United States of America) or within Europe and accessed by Simprints’ Employees, who may be located in regional hub centres.
Where the Controller is located in a third country, personal data may sometimes be stored on local servers. Simprints may transfer personal data to entities in countries that are deemed to have an adequate level of protection (‘adequacy decision’) by the UK. In the absence of adequacy regulations for the transfer of personal data to a third country, Simprints will ensure that appropriate safeguards and enforceable rights are made available.
Simprints employs various third parties who may from time to time store, process, or analyse data. These for example include Google Cloud Platform, SurveyCTO, and Salesforce.
Simprints will not generally transfer data to other third parties - such as law enforcement, other implementation providers, etc - other than as required or permitted to by law or outlined in a Service-specific Privacy Notice. Where possible, if we are requested or compelled to transfer data to a third party for law enforcement or investigative purposes, we will contact you first.
Cookie Policy
Introduction This Cookie Policy explains how Simprints uses cookies on its Website. A cookie is a small block of data created by our web server when you are spending time on our Website, which gets stored on your browser.
Cookies help our Website to run properly and to collect anonymous site statistics that will help Simprints to improve its user experience and performance. For more information about Cookies, please visit http://www.allaboutcookies.org.
Third-party Cookies Please note that some of our pages display content from external providers, including but not limited to Twitter, YouTube, Linkedin, Webflow, Workable, and others. Simprints does not control how third-party cookies are used. Please refer to individual third-party cookie providers for more information about their Privacy and Cookie Policies.
Exercise Your Rights And Opt-out We strictly operate on an opt-in basis except for Essential cookies that are activated without your consent as they are necessary for our Website to properly and securely run.
If you do consent to non-essential cookies, but later change your mind, you can customize and withdraw your consent at any point in time (except for Essential cookies). Please click on the bottom left pop-up button, which will take you to the Privacy Preference Center where you can then select “Reject all cookies” or customize according to your preferences.
You can also disable cookies through your web browser. Please see the below links for more information on how to do this on the most commonly used browsers:
Changes to the Cookie Policy
Simprints may need to modify this Cookie Policy from time to time, especially in response to changes in legislation and best practices. We encourage you to periodically review this page to remain informed of our latest cookie practices. If you have any questions, concerns, or wish to receive further information, please contact our Data Protection Officer at privacy@simprints.com.
The Specific Cookies We Use
| Cookie Name | Provider | Purpose | Expiration |
|---|---|---|---|
_ga_QM838G5Z8X | Google Analytics | Used to persist session state | 2 years |
_ga | Google Analytics | Used to distinguish users | 2 years |
fs-cc | Webflow | Used for the consent pop-up | 6 months |
fs-cc-updated | Webflow | Used for the consent pop-up | 6 months |
What Are Your Rights to Your Personal Data?
The personal data is yours, not ours. Simprints will only do what you tell us we can do with your personal data and we will respect your preferences and instructions. Unless the law tells us that we have to act differently, we will always abide by your preferences.
The rights of Data Subjects are qualified, but we aim to respond to requests to access and correct (if necessary) any personal data without undue delay. These rights include:
The right to be informed
The right of access
The right of rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
Rights in relation to automated decision making and profiling.
You also have the right to complain about the use and treatment of your data - both to our Data Protection Officer, and also to an independent regulator such as the Information Commissioner’s Office in the UK.
Please contact our Data Protection Officer at privacy@simprints.com if you wish to exercise your rights.
Changes to the Privacy Policy
Simprints may need to modify this Privacy Policy from time to time, especially in response to changes in legislation and best practices.
We encourage you to periodically review this page to remain informed of our latest privacy practices. If you have any questions, concerns, or wish to receive further information, please contact our Data Protection Officer at privacy@simprints.com.
Privacy Preference Center
When you visit websites, they may store or retrieve data in your browser. This storage is often necessary for the basic functionality of the website. The storage may be used for marketing, analytics, and personalization of the site, such as storing your preferences. Privacy is important to us, so you have the option of disabling certain types of storage that may not be necessary for the basic functioning of the website. Blocking categories may impact your experience on the website.
Manage Consent Preferences by Category
These items are required to enable basic website functionality.
These items are used to deliver advertising that is more relevant to you and your interests. They may also be used to limit the number of times you see an advertisement and measure the effectiveness of advertising campaigns. Advertising networks usually place them with the website operator’s permission.
These items allow the website to remember choices you make (such as your user name, language, or the region you are in) and provide enhanced, more personal features. For example, a website may provide you with local weather reports or traffic news by storing data about your current location.
These items help the website operator understand how its website performs, how visitors interact with the site, and whether there may be technical issues. This storage type usually doesn’t collect information that identifies a visitor.