Privacy Policy

This Privacy Policy outlines the policies and procedures of IDMERIT regarding the collection, use, and disclosure of your information when you use our services. It also explains your privacy rights and how applicable laws protect you.

We use your personal data to deliver and enhance our services. By accessing or using our services, you consent to the collection and use of information as described in this Privacy Policy.

 

Interpretation

Capitalized terms used in this Privacy Policy have meanings defined under the conditions set out below. These definitions apply whether the terms appear in singular or plural form.

Definitions

For the purposes of this Privacy Policy:

Account means a unique account created for You to access the Service or parts of the Service.

Affiliate means any entity that controls, is controlled by, or is under common control with another party, where “control” refers to ownership of 50% or more of shares, equity interest, or voting rights in the election of directors or managing authority.

idmerit.co refers to IDMERIT, the API platform provided by the Company.

Applicable Law (Colombia) refers to Law 1581 of 2012, Decree 1377 of 2013, and any other regulations governing the protection of personal data in Colombia.

Business, for purposes of applicable U.S. privacy laws (including CCPA/CPRA), refers to the Company acting as the legal entity that collects and determines the purposes and means of processing personal information.

CCPA and/or CPRA refers to the California Consumer Privacy Act, as amended by the California Privacy Rights Act of 2020.

Company (referred to as “the Company”, “We”, “Us”, or “Our”) refers to IDMERIT, For GDPR purposes, the Company acts as a Data Processor and/or Data Controller as applicable, and for Colombia law purposes, acts as the Data Controller or Data Processor depending on the processing activity.

Data Controller refers to the person or legal entity that determines the purposes and means of processing Personal Data. Under Colombian law, this is the entity responsible for ensuring compliance with data protection principles.

Data Processor (Encargado del Tratamiento) refers to any natural or legal person who processes Personal Data on behalf of the Data Controller, in accordance with written instructions.

Consumer, under CCPA/CPRA, means a natural person who is a California resident.

Cookies are small text files stored on Your device to collect standard internet log information and visitor behavior information.

Country refers to Colombia, United States, or other jurisdictions where the Company operates, depending on context.

Device means any electronic device capable of accessing the Service, such as a computer, mobile phone, or tablet.

Personal Data means any information relating to an identified or identifiable natural person. Under Colombian law (Law 1581 of 2012), this includes any data that can identify or make an individual identifiable directly or indirectly.

Applicable Data Protection Law (Colombia) ensures principles such as legality, purpose limitation, freedom, transparency, access, restricted circulation, security, confidentiality, and confidentiality in data processing.

Service refers to the Application, Website, or both, operated by IDMERIT.

Service Provider means any third-party natural or legal person processing data on behalf of the Company to support Service delivery or operations. These may act as Data Processors.

Usage Data refers to data collected automatically through the use of the Service, such as session duration, device information, and interaction data.

idmerit.co refers to the official online platform of IDMERIT, accessible via its designated domain.

You means the individual or legal entity accessing or using the Service. Under Colombian law, You may also be referred to as the Data Subject (Titular de los Datos).

 

Collecting and Using Your Personal Data

In accordance with Colombian Law 1581 of 2012 on Personal Data Protection and its regulatory decrees, IDMERIT informs You that personal data collected through the Service will be processed in compliance with the principles of legality, purpose, freedom, transparency, access, restricted circulation, security, and confidentiality.

 

Types of Data Collected

Personal Data

While using our Service, we may request that You provide personally identifiable information that can be used to contact or identify You. Such information is collected only with Your prior authorization and may include:

• Email address
• First name and last name
• Phone number
• Address (State, Province, City, ZIP/Postal code)
• Usage Data

 

Usage Data

Usage Data is collected automatically when You interact with the Service.

This may include information such as Your IP address, browser type and version, pages visited, date and time of visit, duration of use, device identifiers, and other diagnostic data.

When accessing the Service through a mobile device, we may also collect information including device type, unique device identifiers, operating system, mobile browser type, IP address, and related diagnostic data.

We may also collect information transmitted automatically by Your browser or device when accessing the Service.

 

Information Collected While Using the Application

While using the IDMERIT Application, and subject to Your prior, express, and informed authorization, we may collect the following information to enable specific functionalities:

• Access to device camera
• Business name
• Website information

This information is used exclusively to provide, improve, and customize the functionality of the Service.

The data may be processed on IDMERIT servers and/or those of authorized Service Providers, or stored locally on Your device depending on the feature being used.

You may revoke or modify Your authorization at any time through Your device settings or by contacting us, without affecting the lawfulness of prior processing.

 

Tracking Technologies and Cookies

We use Cookies and similar tracking technologies to improve user experience, analyze Service performance, and ensure functionality.

In compliance with applicable data protection laws, including Colombian regulations, You are informed that You may accept or reject non-essential Cookies at any time.

 

Types of Tracking Technologies Used

Cookies (Browser Cookies)
Cookies are small files stored on Your device. You may configure Your browser to refuse Cookies or alert You when Cookies are being used. However, disabling Cookies may limit certain Service functionalities.

Web Beacons
Our Service and emails may contain web beacons (also known as clear gifs, pixel tags, or single-pixel gifs) used to analyze usage behavior, measure engagement, and improve Service performance.

 

Types of Cookies We Use

Cookies may be classified as Session Cookies or Persistent Cookies:

• Session Cookies are deleted when You close Your browser.
• Persistent Cookies remain on Your device until deleted or expired.

We use both types for the following purposes:

 

Necessary / Essential Cookies

• Type: Session Cookies
• Managed by: IDMERIT
• Purpose: These cookies are required for the operation of the Service. They enable authentication, security, and core functionality, including fraud prevention. Without these cookies, the Service may not function properly.

 

Cookie Consent / Notice Acceptance Cookies

• Type: Persistent Cookies
• Managed by: IDMERIT
• Purpose: These cookies store Your consent preferences regarding the use of Cookies on the Website, in compliance with applicable data protection requirements.

 

Functionality Cookies

• Type: Persistent Cookies
• Managed by: IDMERIT
• Purpose: These cookies allow the Service to remember Your preferences (such as language or login details) to provide a more personalized experience and improve usability.

 

Tracking and Performance Cookies

• Type: Persistent Cookies
• Managed by: Third Parties
• Purpose: These cookies are used to analyze traffic, usage patterns, and Service performance. Data collected may be associated with pseudonymous identifiers and used to improve functionality, test new features, and evaluate user interaction.

 

Your Rights as a Data Subject (Habeas Data Rights – Colombia)

In accordance with Colombian law, You have the following rights regarding Your personal data:

• To know, access, and consult Your personal data
• To update and correct inaccurate or incomplete data
• To request proof of authorization granted for data processing
• To be informed upon request regarding the use of Your data
• To revoke authorization and/or request deletion of data when applicable
• To file complaints with the Superintendence of Industry and Commerce (SIC) in Colombia for violations of applicable law

 

For more information regarding Cookies and Your choices, please refer to the Cookies section of this Privacy Policy or contact IDMERIT using the details provided in the Contact section.

 

Use of Your Personal Data

In accordance with Colombian Personal Data Protection Law (Law 1581 of 2012 and its regulatory decrees), IDMERIT processes Personal Data only with prior, express, and informed authorization from the Data Subject, except where otherwise permitted by law.

IDMERIT may use Personal Data for the following purposes:

 

To provide and maintain our Service

Including monitoring usage, ensuring functionality, security, and overall performance of the Service.

To manage Your Account

To administer Your registration as a user and provide access to functionalities available to registered users.

To perform contractual obligations

To execute, fulfill, and manage contracts for services, products, or features requested or acquired by You through the Service.

To communicate with You

To contact You via email, SMS, telephone calls, or electronic notifications regarding service updates, security alerts, and operational communications, where necessary.

To provide updates and marketing communications

To send information about products, services, promotions, and events similar to those previously requested or used by You, unless You have opted out or revoked authorization.

To manage Your requests

To respond to inquiries, complaints, petitions, and support requests submitted by You.

To deliver targeted advertising

To personalize content and advertising based on Your preferences, behavior, and/or location, and to measure advertising performance. This may involve third-party providers acting under contractual obligations.

For business transfers

We may process or transfer Your Personal Data in connection with mergers, acquisitions, restructuring, sale of assets, or other corporate transactions involving IDMERIT, in accordance with applicable law.

For other legitimate purposes

Such as data analytics, usage trend analysis, service improvement, marketing effectiveness evaluation, and enhancement of user experience.

 

Sharing of Your Personal Data

IDMERIT may share Your Personal Data under the following circumstances:

With Service Providers

We may share Your Personal Data with authorized third-party Service Providers who assist in analytics, operations, communication services, advertising, payment processing, and technical support. These parties act under strict confidentiality and data processing agreements.

For business transfers

Personal Data may be transferred in connection with corporate transactions such as mergers, acquisitions, financing, restructuring, or sale of assets, subject to applicable legal safeguards.

With Affiliates

We may share information with affiliated entities, including parent companies, subsidiaries, or entities under common control, all of which are required to comply with this Privacy Policy and applicable data protection laws.

With business partners

We may share data with trusted business partners to offer You relevant products, services, or promotional opportunities, where legally permitted and with appropriate safeguards.

With other users

Any Personal Data voluntarily shared in public areas of the Service may be visible to other users and may be collected or used outside the Service by third parties.

With Your consent

We may disclose Your Personal Data for any other purpose only with Your prior, express, and informed consent.

 

Additional Legal Safeguards (Colombia Compliance)

1. Prior Authorization (Habeas Data Principle)

By using the Service, You grant prior, express, and informed authorization for the processing of Your Personal Data, in accordance with Colombian law. You may revoke this authorization at any time, unless there is a legal or contractual obligation that requires data retention.

 

2. Sensitive Data Protection

Where IDMERIT processes sensitive personal data (as defined under Colombian law), You will not be obliged to provide such data. If provided, it will be processed only with explicit consent and under enhanced protection measures.

Sensitive data may include, among others, data affecting privacy or leading to discrimination if misused.

 

3. International Data Transfers

Your Personal Data may be transferred, stored, or processed outside of Colombia, including in countries that may not provide the same level of data protection.

In such cases, IDMERIT will ensure that appropriate safeguards are implemented, including contractual clauses, data protection agreements, or other legally recognized mechanisms, to ensure adequate protection of Your data in accordance with Colombian regulations.

 

4. Data Subject Rights (Habeas Data Rights)

In accordance with Colombian law, You have the right to:

• Access, know, and consult Your Personal Data
• Request correction or update of inaccurate or incomplete data
• Request proof of authorization granted for data processing
• Request deletion of data when applicable
• Revoke authorization or request suspension of processing when appropriate
• File complaints with the Superintendence of Industry and Commerce (SIC) in Colombia

 

Retention of Your Personal Data

IDMERIT will retain Your Personal Data only for as long as is necessary to fulfill the purposes outlined in this Privacy Policy and in accordance with applicable data protection laws, including Colombian Law 1581 of 2012.

We may retain and use Your Personal Data as required to comply with legal or regulatory obligations, resolve disputes, and enforce our agreements and policies.

Usage Data is generally retained for a shorter period of time. However, it may be retained for longer periods when necessary to strengthen security, improve Service functionality, or when required by applicable law.

 

Transfer of Your Personal Data

Your information, including Personal Data, may be processed at IDMERIT’s operating offices and in any other locations where the parties involved in processing are located.

This means Your data may be transferred to and stored on servers or systems located outside Your country, including jurisdictions that may have different data protection standards than those applicable in Colombia.

In accordance with Colombian data protection law, such international transfers will only be carried out when adequate safeguards are in place to ensure the protection, integrity, and confidentiality of Your Personal Data.

By providing Your information and using the Service, You acknowledge and authorize such transfers in accordance with this Privacy Policy.

IDMERIT will take all reasonable and appropriate technical, legal, and organizational measures to ensure that Your Personal Data is treated securely and in compliance with this Privacy Policy and applicable law. No transfer will be made to a country or organization unless adequate data protection safeguards are in place.

 

Delete Your Personal Data

In accordance with Colombian habeas data rights, You have the right to request the deletion, update, or correction of Your Personal Data held by IDMERIT.

Our Service may provide You with the ability to manage, update, or delete certain information directly through Your account settings, if available.

You may also contact us at any time to request access to, correction of, or deletion of Your Personal Data. Requests will be handled in accordance with applicable legal requirements.

Please note that we may retain certain information where there is a legal, contractual, or regulatory obligation to do so, or where retention is necessary to fulfill legitimate business purposes.

Disclosure of Your Personal Data

Business Transactions

If IDMERIT is involved in a merger, acquisition, restructuring, or sale of assets, Your Personal Data may be transferred as part of that transaction. We will ensure that You are informed before Your Personal Data becomes subject to a different Privacy Policy.

Law Enforcement

Under certain circumstances, IDMERIT may be required to disclose Your Personal Data in response to valid legal requests from public authorities, such as courts or government agencies, in accordance with applicable law.

Other Legal Requirements

IDMERIT may disclose Your Personal Data in good faith where such action is necessary to:

• Comply with a legal obligation
• Protect and defend the rights, property, or safety of IDMERIT
• Prevent or investigate potential misuse or unlawful activity related to the Service
• Protect the personal safety of Users or the public
• Protect against legal liability

 

Security of Your Personal Data

The security of Your Personal Data is important to IDMERIT.

We implement reasonable administrative, technical, and organizational measures designed to protect Personal Data against unauthorized access, alteration, disclosure, or destruction.

However, no method of transmission over the Internet or method of electronic storage is completely secure. While we strive to use commercially acceptable means to protect Your Personal Data, we cannot guarantee absolute security.

 

Detailed Information on Processing of Your Personal Data

Authorized Service Providers engaged by IDMERIT may have access to Your Personal Data only to the extent necessary to perform services on our behalf.

These third-party providers may collect, store, use, process, and transfer Your information in accordance with their own privacy policies and applicable data protection agreements.

All such providers are contractually required to maintain confidentiality and implement appropriate safeguards when processing Personal Data on behalf of IDMERIT.

 

GDPR Privacy

Legal Basis for Processing Personal Data under GDPR

IDMERIT processes Personal Data only when a valid legal basis applies under the General Data Protection Regulation (GDPR). These legal bases include:

• Consent: You have given clear consent for the processing of Your Personal Data for one or more specific purposes.
• Performance of a contract: Processing is necessary to fulfill or enter into a contract with You, including pre-contractual obligations.
• Legal obligation: Processing is required to comply with applicable legal or regulatory obligations.
• Vital interests: Processing is necessary to protect Your vital interests or those of another natural person.
• Public interest or official authority: Processing is necessary for tasks carried out in the public interest or in the exercise of official authority vested in IDMERIT.
• Legitimate interests: Processing is necessary for the legitimate interests pursued by IDMERIT, provided such interests are not overridden by Your fundamental rights and freedoms.

Where applicable, IDMERIT will clarify the specific legal basis for processing and whether providing Personal Data is a statutory or contractual requirement, or necessary to enter into a contract.

 

Your Rights under the GDPR

IDMERIT is committed to respecting the confidentiality of Your Personal Data and ensuring that You can effectively exercise Your rights under the GDPR.

If You are located in the European Union, You have the following rights:

Right of access

You have the right to request access to the Personal Data we hold about You and obtain a copy of such data. Where possible, You may access or update Your information directly through Your account settings. If not, You may contact us for assistance.

Right to rectification

You have the right to request correction of inaccurate or incomplete Personal Data we hold about You.

Right to object

You have the right to object to the processing of Your Personal Data where we rely on legitimate interests, particularly if You believe such processing impacts Your rights and freedoms. You also have the right to object to processing for direct marketing purposes.

Right to erasure

You have the right to request deletion of Your Personal Data where there is no lawful or compelling reason for continued processing.

Right to data portability

You have the right to receive Your Personal Data in a structured, commonly used, and machine-readable format and to request its transfer to another controller, where technically feasible. This applies only to data processed based on consent or contract and carried out by automated means.

Right to withdraw consent

Where processing is based on Your consent, You have the right to withdraw it at any time. Withdrawal of consent will not affect the lawfulness of processing carried out prior to withdrawal, but may limit Your ability to use certain features of the Service.

Exercising Your GDPR Data Protection Rights

You may exercise Your rights of access, rectification, erasure, restriction, objection, and data portability by contacting IDMERIT using the contact details provided in this Privacy Policy.

Before responding to Your request, we may require You to verify Your identity to ensure the security of Your Personal Data.

We will make reasonable efforts to respond to Your request as promptly as possible and within the timeframes required by applicable law.

You also have the right to lodge a complaint with a supervisory authority if You believe that the processing of Your Personal Data violates applicable data protection laws.

If You are located in the European Economic Area (EEA), You may contact Your local data protection authority for further information or to submit a complaint.

 

CCPA/CPRA Privacy Notice

This section applies solely to residents of the State of California and supplements the information contained in this Privacy Policy, in accordance with the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).

 

Categories of Personal Information Collected

We collect information that identifies, relates to, describes, references, or could reasonably be associated with a particular Consumer or Device, either directly or indirectly.

The following categories describe the types of Personal Information we may collect from California residents within the last twelve (12) months.

Please note that the categories listed below are defined under the CCPA/CPRA. Inclusion of a category does not necessarily mean that all examples within that category were collected in every case. Some categories of Personal Information are only collected when voluntarily provided by You.

 

Category A: Identifiers

Examples:
A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, driver’s license number, passport number, or similar identifiers.

Collected: Yes

Categories of Personal Information Collected

We may collect Personal Information that identifies, relates to, describes, references, or could reasonably be linked, directly or indirectly, with a Consumer or Device. The categories below are based on definitions provided under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).

Please note that inclusion of a category does not necessarily mean all examples are collected in every case. Some categories are collected only when voluntarily provided or required for specific Service functionality.

 

Category B: Personal Information under California Customer Records Statute

(Cal. Civ. Code § 1798.80(e))
Examples:
Name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state ID number, insurance policy number, education, employment history, bank account number, credit/debit card information, financial information, medical or health insurance information.

Collected: Yes

 

Category C: Protected Classification Characteristics

Examples:
Age (40 or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender identity and expression, pregnancy or related conditions), sexual orientation, veteran or military status, genetic information.

Collected: No

 

Category D: Commercial Information

Examples:
Records of products or services purchased, obtained, or considered.

Collected: Yes

 

Category E: Biometric Information

Examples:
Facial images used for identity verification, liveness detection, and authentication.

Collected: Yes, limited use only

We may collect biometric information in the form of facial images (including encoded formats such as base64) solely for identity verification and liveness detection purposes during authentication processes.

This information is transmitted to third-party verification infrastructure (e.g., SeventhSense) for processing. IDMERIT does not retain, store, sell, or trade biometric information for any unrelated or secondary purpose.

 

Category F: Internet or Network Activity

Examples:
Interaction with our Service, browsing behavior, and engagement with advertisements.

Collected: Yes

 

Category G: Geolocation Data

Examples:
Approximate physical location derived from device or network information.

Collected: No

Category H: Sensory Data

Examples:
Audio, visual, thermal, olfactory, or similar sensory information.

Collected: No

 

Category I: Professional or Employment-Related Information

Examples:
Current or past employment history, job title, or performance-related data.

Collected: No

 

Category J: Non-Public Education Information

(Under the Family Educational Rights and Privacy Act – 20 U.S.C. § 1232g, 34 C.F.R. Part 99)
Examples:
Education records such as grades, transcripts, student schedules, identification codes, or disciplinary records maintained by educational institutions.

Collected: No

 

Category K: Inferences Drawn from Personal Information

Examples:
Profiles reflecting preferences, behavior, characteristics, psychological trends, or similar attributes.

Collected: No

 

Category L: Sensitive Personal Information

Examples:
Account login credentials, passwords, and limited authentication-related data.

Collected: Yes

 

Exclusions Under CCPA/CPRA

Under the CCPA/CPRA, Personal Information does not include:

• Publicly available information from government records
• Deidentified or aggregated consumer information
• Information excluded under sector-specific privacy laws, including:
  • Health information covered by HIPAA or the California Confidentiality of Medical Information Act (CMIA)
  • Clinical trial data
  • Information regulated under the Fair Credit Reporting Act (FCRA)
  • Information regulated under the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA)
  • Driver’s Privacy Protection Act of 1994

 

Sources of Personal Information

We collect the categories of Personal Information described in this Privacy Policy from the following sources:

Directly from You

For example, when You complete forms on our Service, communicate preferences, create an account, or make purchases.

Indirectly from You

For example, through Your interactions, usage behavior, and activity within our Service.

Automatically from You

For example, through Cookies and similar tracking technologies placed on Your device as You navigate or interact with our Service.

From Service Providers

For example, third-party vendors that assist us with analytics, advertising, payment processing, security, infrastructure, and other services necessary to operate and deliver the Service.

 

Use of Personal Information

IDMERIT may use or disclose Personal Information for business or commercial purposes, as defined under the CCPA/CPRA, including but not limited to the following:

• To operate, maintain, and provide the Service
• To provide customer support and respond to inquiries, requests, or complaints, and to improve our Service
• To fulfill the purpose for which the information was provided (for example, processing transactions, delivering services, or responding to inquiries)
• To comply with applicable laws, regulations, legal processes, or governmental requests
• As described at the time of collection or otherwise outlined in this Privacy Policy
• For internal administrative, auditing, reporting, and operational purposes
• To detect, prevent, and investigate security incidents, fraud, abuse, or illegal activity, and to enforce our rights and protect users and systems
• For other operational or one-time legitimate business uses

The examples above are illustrative and not exhaustive. For additional details, please refer to the “Use of Your Personal Data” section of this Privacy Policy.

If we collect additional categories of Personal Information or use existing information for materially different, unrelated, or incompatible purposes, we will update this Privacy Policy accordingly.

 

Disclosure of Personal Information

We may disclose, and may have disclosed in the past twelve (12) months, the following categories of Personal Information for business or commercial purposes:

• Category A: Identifiers
• Category B: California Customer Records information (Cal. Civ. Code § 1798.80(e))
• Category D: Commercial information
• Category E: Biometric information
• Category F: Internet or similar network activity
• Category L: Sensitive personal information

These categories are defined under the CCPA/CPRA. Inclusion of a category does not necessarily mean all types of data within that category were disclosed in every instance. Rather, it reflects our good-faith belief that certain data within these categories may have been disclosed where necessary.

When Personal Information is disclosed for a business or commercial purpose, IDMERIT ensures that the recipient is bound by contractual obligations requiring confidentiality, restricted use of the data, and compliance with applicable data protection laws.

Sharing of Personal Information

We may share, and may have shared in the past twelve (12) months, Your Personal Information with the following categories of third parties:

• Service Providers supporting our operations, analytics, security, and infrastructure
• Payment processors facilitating financial transactions
• Affiliated entities within the IDMERIT corporate group
• Business partners offering services, integrations, or promotions
• Third parties authorized by You or acting on Your behalf in connection with services we provide

Sale of Personal Information

For purposes of the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), the terms “sell,” “sale,” or “selling” mean disclosing, making available, transferring, or otherwise communicating a Consumer’s Personal Information to a third party for valuable consideration. This may include non-monetary benefits.

IDMERIT does not sell Personal Information in the traditional sense. However, we may allow Service Providers to use certain Personal Information for business purposes such as analytics, marketing, and advertising. Under CCPA/CPRA definitions, some of these activities may be considered a “sale” or “sharing” of Personal Information.

We may have “sold” or “shared” in the past twelve (12) months the following categories of Personal Information:

• Category A: Identifiers
• Category B: California Customer Records information (Cal. Civ. Code § 1798.80(e))
• Category D: Commercial information
• Category E: Biometric information
• Category F: Internet or other similar network activity
• Category L: Sensitive personal information

These categories are defined under CCPA/CPRA. Inclusion does not mean all data within a category is sold in every instance, but reflects a good-faith understanding that certain data may be shared where legally permitted.

Sale of Personal Information of Minors Under 16

IDMERIT does not knowingly collect or solicit Personal Information from individuals under the age of 16.

Some third-party services or websites linked through our Service may independently collect such data. These third parties operate under their own privacy policies, and we encourage parents and guardians to supervise children’s online activities.

We do not knowingly sell Personal Information of consumers under 16 years of age. If we become aware that such data has been collected, it will be deleted unless we receive valid affirmative authorization:

• For users aged 13–16: consent must be provided directly by the user (“opt-in”)
• For users under 13: consent must be provided by a parent or legal guardian

Consumers (or their authorized representatives) may opt out of any future sale or sharing at any time by submitting a request through the contact details provided in this Privacy Policy.

If you believe a child has provided Personal Information without authorization, please contact us so we can take appropriate action, including deletion.

 

Your Rights under the CCPA/CPRA

If you are a California resident, you are entitled to the following rights regarding your Personal Information:

Right to notice

You have the right to be informed about the categories of Personal Information collected and the purposes for which it is used.

Right to know / access

You have the right to request disclosure of the Personal Information we collect, use, disclose, sell, or share. Upon verification, we will provide:

• Categories of Personal Information collected
• Sources of such information
• Business or commercial purposes for collection or sale
• Categories of third parties with whom information is shared
• Specific pieces of Personal Information collected about You

If applicable, we will also disclose:

• Categories of Personal Information sold
• Categories of Personal Information disclosed for business purposes

 

Right to opt-out of sale or sharing

You have the right to direct IDMERIT not to sell or share your Personal Information. You may submit an opt-out request through the “Do Not Sell or Share My Personal Information” mechanism or by contacting us.

 

Right to correct inaccurate information

You have the right to request correction of inaccurate Personal Information. We will make reasonable efforts to correct such data, including directing Service Providers where applicable.

 

Right to limit use of sensitive Personal Information

You have the right to request limitation of the use or disclosure of Sensitive Personal Information, subject to legal exceptions. Requests may be submitted via the designated section or by contacting us.

 

Right to delete Personal Information

You have the right to request deletion of your Personal Information, subject to certain legal exceptions.

We may deny deletion requests where retention is necessary to:

• Complete transactions or provide requested services
• Maintain security and prevent fraud or illegal activity
• Debug and improve system functionality
• Comply with legal obligations
• Exercise or defend legal claims
• Conduct internal business operations consistent with user expectations

 

Right to non-discrimination

We will not discriminate against you for exercising any of your privacy rights. This includes:

• Denying goods or services
• Charging different prices or rates
• Providing different levels or quality of service
• Suggesting different treatment based on privacy choices

Exercising Your CCPA/CPRA Data Protection Rights

Please refer to the sections titled “Do Not Sell or Share My Personal Information” and “Limit the Use or Disclosure of My Sensitive Personal Information” for details on how to exercise your opt-out and limitation rights.

If You are a California resident, You may also exercise Your rights under the CCPA/CPRA by contacting IDMERIT at:

Email: [email protected]

Only You, or a person authorized by You and registered with the California Secretary of State to act on Your behalf, may submit a verifiable request related to Your Personal Information.

 

Requirements for Verifiable Requests

Your request must:

• Provide sufficient information to reasonably verify Your identity or Your authority to act on behalf of another individual
• Include enough detail to allow us to understand, evaluate, and respond to Your request

We cannot respond to or fulfill Your request if we are unable to verify Your identity or authority, or confirm that the Personal Information relates to You.

 

Response Timeline

We will respond to verifiable requests within 45 days of receipt. If necessary, this period may be extended by an additional 45 days, in which case You will be notified of the reason for the delay.

All disclosures will cover the 12-month period preceding the request, unless otherwise required by law.

For data portability requests, we will provide Your Personal Information in a structured, commonly used, and machine-readable format that allows transfer to another entity without hindrance.

 

Do Not Sell or Share My Personal Information

Under the CCPA/CPRA, “sell” or “share” means disclosing or making available Personal Information to a third party for valuable consideration, which may include non-monetary benefits.

While IDMERIT does not sell Personal Information in the traditional sense, we may allow certain Service Providers to process Personal Information for purposes such as analytics, advertising, and marketing. Some of these activities may be considered a “sale” or “sharing” under applicable law.

 

Your Right to Opt-Out

You have the right to opt out of the sale or sharing of Your Personal Information. Once we receive and verify Your request, we will stop such processing where applicable.

To exercise this right, please contact us at: [email protected]

 

Third-Party Advertising and Tracking

Certain Service Providers (such as analytics or advertising partners) may use technologies on our Service that are considered a “sale” or “sharing” of Personal Information under CCPA/CPRA.

You may opt out of interest-based advertising using the following industry tools:

• Network Advertising Initiative (NAI): http://www.networkadvertising.org/choices/
• European Interactive Digital Advertising Alliance (EDAA): http://www.youronlinechoices.com/
• Digital Advertising Alliance (DAA): http://optout.aboutads.info/?c=2&lang=EN

 

Browser and Device Opt-Out

Opt-out settings are browser-specific and may require action on each browser you use. If You clear cookies or switch browsers, You may need to opt out again.

Website Controls

Where available, You may use options such as “Privacy Preferences,” “Do Not Sell or Share My Personal Information,” or similar settings provided on our Service.

Mobile Devices

You may also limit ad tracking through Your device settings:

• Android: “Opt out of Interest-Based Ads” or “Opt out of Ads Personalization”
• iOS: “Limit Ad Tracking”

You may also disable location tracking through Your mobile device settings.

 

Limit the Use or Disclosure of My Sensitive Personal Information

If You are a California resident, You have the right to limit the use and disclosure of Sensitive Personal Information to only what is necessary to provide the requested services or goods.

IDMERIT uses Sensitive Personal Information only for essential service delivery and operational purposes.

For more details, please refer to the “Use of Your Personal Data” section or contact us at [email protected].

 

Do Not Track (DNT) Signals

Our Service does not currently respond to Do Not Track (DNT) browser signals.

However, You may configure Your browser settings to indicate Your tracking preferences or disable tracking features.

 

California “Shine the Light” Law

Under California Civil Code Section 1798.83 (“Shine the Light” law), California residents may request information once per year regarding the disclosure of Personal Information to third parties for their direct marketing purposes.

To submit a request, please contact us using the information provided below.

 

California Privacy Rights for Minors

California residents under the age of 18 who are registered users may request removal of publicly posted content or information, pursuant to California Business and Professions Code Section 22581.

To request removal, please contact us at [email protected], including the email address associated with your account.

Please note that complete removal may not always be possible in all circumstances under applicable law.

 

Children’s Privacy

Our Service is not intended for children under the age of 13, and we do not knowingly collect Personal Information from children under 13.

If we become aware that we have collected Personal Information from a child under 13 without verified parental consent, we will take steps to delete such information.

If parental consent is required under applicable law, we may request verification of such consent before processing information.

 

Links to Other Websites

Our Service may contain links to third-party websites. We are not responsible for the content, privacy practices, or policies of such external sites.

We encourage You to review the privacy policies of any third-party websites You visit.

 

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page.

Where required by law, we may notify You via email or through a prominent notice on our Service before changes take effect.

The “Last Updated” date will be revised accordingly.

We encourage You to review this Privacy Policy periodically.

 

Contact Us

If You have any questions about this Privacy Policy or Your privacy rights, You may contact us at:

Email: [email protected]