At Socure, we value your privacy and are committed to protecting your personal data. When you choose to exercise your rights under privacy and data protection laws, we want you to know what to expect. Here’s a high-level overview of the process we follow to ensure your rights are respected and your requests are handled promptly and securely.
Intake
Your journey begins with the submission of your Data Subject Request (DSR), which we discuss in the How to Exercise Your Privacy Rights section of our Global Privacy Statement. You can submit your request through any of the following channels:
- Online Data Rights Form on our website
- Dedicated Privacy Phone Line: 1-888-690-3709
- Email to privacy@socure.com
- Other Means such as through our GDPR representatives in the UK or EU
When you submit your DSR, we collect only the information necessary to verify your identity and understand your request. This typically includes your name, email address, telephone number, and details about the data right you wish to exercise.
Once we have your request, we send you an acknowledgement message to confirm that we’ve received it. If you submitted your request through the form, you should receive an automated acknowledgement message right away. If you submit your DSR via a direct email or another method, you will receive a manual acknowledgement message from our intake coordinator.
Triage
Next, our team categorizes and prioritizes your request. This step includes determining whether there is an applicable privacy law where you live and whether the right you requested is granted under the law. Without an applicable law, we may not be able to fulfill your request.
During this stage, we also assess and categorize the data that is in scope by reviewing the details of your request and any associated comments. For example, we analyze whether your request pertains to employment data or our third-party vendor data. We also review whether your request involves customer data that Socure is contractually prohibited from modifying or altering without their written instructions. If your request relates to our customers, we will ask you to contact them directly and await their instruction to fulfill the DSR.
If we clearly understand your request and the right you are asking for applies to you under the law, we proceed to verify your identity. If we are unable to fulfill your request, we will send you a closure communication at this stage that explains why.
Identity Verification
During this phase, we verify your identity to ensure the security and integrity of your personal information. This step is important because we are legally required to make sure each DSR is verifiable. If additional information is needed for us to verify your identity, we will email you.
The identity verification process is tailored to the type of request received and the data in scope. A business marketing opt-out requires less verification than a deletion request, which typically requires less verification than a request to access sensitive personal data. We use only the information we need to make sure you are who you say you are before we fulfill a request that impacts personal data.
At Socure, we exclusively provide identity verification and fraud prevention services to businesses. We do not use your data for marketing purposes, unless you express an interest in buying our products. We do not create or support any consumer marketplaces with your data. Our sole focus is supporting our business customers whose products or services you are trying to access.
For business marketing opt-outs and for requests relating to job applicants who we did not hire, we rely solely on the personal information you provide in the data rights form to verify your identity. We do not use our products for verification. For DSRs from current or former employees, we will contact you directly to verify your request.
The majority of our DSRs come from consumers requesting access to or deletion of the personal data we obtain from our third-party data sources. Here’s a bit more information about how identity verification works in those situations:
- Personal Data Use: We run the name, email address, and telephone number you provide in the data rights form through our best in class identity verification and fraud prevention products.
- Risk Review: If your request is flagged for suspected fraudulent activity, we will inform you and close the request. If your request shows indicators of identity theft, such as being associated with a person who is deceased, we will ask you for additional verification. Otherwise, your request is moved to the fulfillment stage.
- Additional Verification: When we request additional verification, it’s because we take identity very seriously and have a reason to believe someone other than you is making a request that relates to your personal data. That’s why, if we see indicators of identity fraud, we email you to request that you consent to provide your government-issued identification document and selfie for further verification. If this verification is successful, we move your request to the fulfillment stage.
Data Retention: Regardless of the process used to verify your request, the personal information you provide for the purpose of exercising your rights is used only for that purpose and retained for no longer than 7 calendar days, except to the extent that we maintain records needed to prove our compliance with the law. The 7-day retention period allows us to communicate with you in the event we need additional information or otherwise need to troubleshoot our verification process.
Fulfillment
Once your identity is verified, we assign an internal fulfillment coordinator to your DSR based on the data in scope and the nature of your request. The fulfillment coordinator performs internal due diligence to locate your data across various systems, including HR databases, marketing platforms, and vendor records.
Depending on your request, the fulfillment process may involve:
- Access Requests: Providing you with a copy of your personal data.
- Deletion Requests: Removing your data from our systems.
- Correction Requests: Updating incorrect information.
- Opt-Out Requests: Ensuring you do not receive unwanted communications.
More on Access Requests: If we locate information about you in connection with an access request, we will notify you by email and ask you for additional verification via a review of your government-issued identity document and selfie prior to sending your personal data. Given the volume and sensitive nature of the personal information provided in response to an access request, we use the same additional verification process used when we see indicators of identity fraud. We view this process as the most effective means by which we meet our legal obligations to ensure the request is verifiable while also preserving the privacy and security of the data by verifying that only the owner of the personal data requested receives access.
Once you complete the additional verification connected to an access request, we send you an email with a password-protected and encrypted file, which is intended to protect the information from unauthorized access. The data is provided in a format that is easily readable by a human or a machine. If you have any questions about or have trouble accessing the file, please email us at privacy@socure.com. We’re here to help.
Communication
Throughout the process, we keep you informed. You will receive at least two communications from us:
- Acknowledgement: Confirmation that we have received your request.
- Final Response: Notification that your request has been fulfilled or further instructions if additional information is needed.
If your request requires more time due to its complexity, we will send you a status update and a new estimated completion date.
Closure
Once we have fulfilled your request, we will send you a final communication to confirm that the process is complete. If we are unable to fulfill your request, we will explain why and provide guidance on what you can do next.
Escalation
In rare cases that involve nuanced issues of legal or regulatory concern, your request may be escalated to our legal team for further review.
Metrics and Monitoring
We track and monitor all DSRs–and regularly review our policies and procedures for intake, triage, and fulfillment–to support compliance and undertake continuous improvement. Our goal is to handle each request efficiently and transparently, respecting your privacy and data protection rights.
Conclusion
At Socure, we are dedicated to safeguarding your personal data and making the process of exercising your data privacy rights as straightforward as possible. If you have any questions or need further assistance, please visit our Privacy Statement or contact us at privacy@socure.com.
We appreciate your trust and are committed to protecting your privacy every step of the way.
The post What to Expect When You Exercise Your Data Rights with Socure appeared first on Socure.