Privacy Policy

ID Dataweb, Inc. Privacy Policy


1. ID Dataweb, Inc. (“ID Dataweb”) collects personal data, which may include biometric data, of individuals with their explicit consent only on behalf of its clients and only to the extent necessary to verify the individual's identity for the purpose of mitigating fraud. 2. ID Dataweb may process data about visitors to its website and services (“usage data”). The usage data may include IP addresses, location data, and details about the user’s computer, as well as data about the timing and pattern of their visit. 3. If a person contacts us, whether through the contact form on this website or through other means, we may process personal data that that was provided, which may include their name and email address, as well as metadata created by the website associated with the contact web forms.


“Biometric data” means personal information collected by ID Dataweb and/or its Processors about an individual’s physical characteristics that can be used to identify that person. As used in this Policy, biometric data includes “biometric identifiers” and “biometric information” as defined in the Illinois BIPA, 740 ILCS § 14/10. “Biometric identifier” means a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. Biometric identifiers do not include writing samples, written signatures, photographs, human biological samples used for valid scientific testing or screening, demographic data, tattoo descriptions, or physical descriptions such as height, weight, hair color, or eye color. Biometric identifiers do not include biological materials regulated under the Genetic Information Privacy Act. Biometric identifiers do not include information captured from a patient in a health care setting or information collected, used, or stored for health care treatment, payment, or operations under the federal Health Insurance Portability and Accountability Act of 1996. “Biometric information” means any information, regardless of how it is captured, converted, stored, or shared, based on the individual’s biometric identifier used to identify an individual. Biometric information does not include information derived from items or procedures excluded under the definition of biometric identifiers. “Client” means a company that has contracted with ID Dataweb for the purpose of processing personal data, that may include the collection and processing biometric data, for the purpose of verifying identity in order to mitigate fraud. “Personal data” means information that can be used to uniquely identify an individual. Personal data includes biometric data. “Processor” means a vendor selected or approved by the Client for the purpose of collecting and/or evaluating personal data and providing a response regarding the accuracy and consistency of the biometric data. This Policy does not include the privacy policy of our Processors, but the processing and retention of personal data is subject to the terms and conditions contained in the contract between ID Dataweb and the Processor. “Transaction” means a series of events in which personal data is collected, transmitted to a processor, a response is returned from the processor, the response is evaluated in combination with other data, and a decision is transmitted to the client. The decision returned to the client may include the personal information, including biometric data, collected from the individual.

Retaining and Deleting Personal Data

ID Dataweb retains enough metadata about a transaction to be able to identify the transaction and the decision returned. ID Dataweb does not retain personal data about an individual any longer than necessary to complete a transaction. Upon completion of each transaction, all personal data is permanently deleted.

Individual Rights

Individuals who believe that ID Dataweb has processed or possesses their personal data may make requests with respect to their personal data by contacting the company through the general-purpose contact form, located at the bottom of the Home Page at or by email to The company’s Data Protection Office (“DPO”) will promptly evaluate the request. The company’s validation criteria provide that requests may be rejected in certain circumstances, including where (i) the identity of the requester cannot be authenticated, (ii) the requester fails to provide sufficient information to allow the company to reasonably respond to the request, (iii) the request is overly broad or excessive when balanced with the resource and cost implications of responding to the request, (iv) the request is repetitive of a previous request submitted by, or behalf of, the same requester or (v) the request is clearly intended to circumvent reasonable document production restrictions under legal, administrative or similar proceedings. If the request is rejected during the validation process, the requester will be given reasons and have the opportunity to request reconsideration by the DPO. If the DPO confirms a rejection decision, you will also have an opportunity to appeal to a Privacy Review Panel. The Privacy Review Panel consists of senior company individuals who are independent of the DPO team and who have not been involved in validating, assessing or responding to a request. The Privacy Review Panel will conduct an independent review of any matter brought before it for appeal. Upon completion of its appeal review, the Privacy Review Panel will require the DPO to make available (i) any additional information it determines is appropriate and consistent with the Privacy Policy or (ii) its decision on what actions, if any, should be taken by the company. Decisions of the Privacy Review Panel are final.

Consent and Disclosure

Collection of personal data is performed only with the individual’s consent to collect and process such data. ID Dataweb does not disclose or transfer any personal information, including biometric data, to any third party except to the extent authorized by the Client.

Data Storage and Transmission

ID Dataweb uses a reasonable standard of care to store, transmit, and protect from disclosure any personal data collected. Such storage, transmission, and protection from disclosure is performed in a manner that is the same as or more protective than the way ID Dataweb stores, transmits and protects from disclosure other confidential and sensitive information, including personal data that can be used to uniquely identify an individual.

Data Protection Officer

If you need to reach our Data Protection Officer, his contact information is:

Timothy Snyder

ID Dataweb, Inc. 8330 Boone Blvd, Suite 400

Vienna, VA 22182