Mitek Privacy Policy Statement - Archived

Mitek Systems, Inc. and its affiliates (the “Company,” “we,” or “us”) respect your privacy. This Privacy Policy Statement describes the ways we collect information from and about you, and what we do with the information, so that you may decide whether or not to provide information to us. By accessing our website, or purchasing our products or services, you agree to this Privacy Statement in addition to any other agreements we might have with you. This Privacy Statement does not govern the practices of entities that our Company does not own or control, or entities that do not own or control our company or people that our Company does not employ or manage. This Privacy Policy Statement includes the Company’s Privacy Policy Statement and the Privacy Shield Statement.

1. Our Collection of your Personal Information

The information we collect may include your personal information, such as your name, contact information, IP addresses, information contained on government issued identity documents, biometric data provided by you, product and service selections and other things that identify you. We collect personal information from you at several different points, including but not limited to the following:

  • when we correspond with you as a customer or prospective customer;
  • when you visit our website;
  • when a 3rd party submits your information for processing;
  • when you register as an end-user of our services and an account is created for you;
  • when you contact us for help;
  • when you attend our conferences or webinars; and
  • when the site sends us error reports or application analytics data.

2. Our Use of your Personal Information

Our Company may use information that we collect about you to:

  • deliver the products and services that you have requested;
  • manage your customer relationship and provide you with customer support;
  • perform research and analysis about your use of, or interest in, our products, services, or content, or products, services or content offered by others;
  • communicate with you by e-mail, postal mail, telephone and/or mobile devices about products or services that may be of interest to you either from us, or other third parties;
  • enforce our terms and conditions;
  • manage our business;
  • perform functions as otherwise described to you at the time of collection; and
  • transfer personal information to third parties for any legally permissible purpose in our sole discretion.

3. Our Disclosure of your Personal Information to Third Parties

We may share your personal information with third parties only in the ways that are described in this Privacy Statement:

  • we may provide your information to our agents, vendors or service providers who perform functions on our behalf;
  • third party contractors may have access to our databases.  Usually these contractors sign a standard confidentiality agreement;
  • to our customers who have provided your information to us in connection with our products and services;
  • we may share your data with any parent company, subsidiaries, joint ventures, other entities under a common control or third party acquirers. We expect these other entities will honor this Privacy Statement;
  • we may allow a potential acquirer or merger partner to review our databases, although we would restrict their use and disclosure of this data during the diligence phase;
  • as required by law enforcement, government officials, or other third parties pursuant to a subpoena, court order, or other legal process or requirement applicable to our Company; or when we believe, in our sole discretion, that the disclosure of personal information is necessary to prevent physical harm or financial loss, to report suspected illegal activity or to investigate violations of our agreements or Company policies; and
  • other third parties with your consent or direction to do so.

Please note that these third parties may be in other countries where the laws on processing personal information may be less stringent than in your country.

4. Our Security Measures to Protect your Personal Information

Our Company uses industry-standard technologies when transferring and receiving data exchanged between our Company and other companies to help ensure its security. This site and our products and services have security measures in place to help protect information under our control from the risk of accidental or unlawful destruction or accidental loss, alteration or unauthorized disclosure or access. However, “perfect security” does not exist on the Internet. Also, if this website contains links to other sites, our Company is not responsible for the security practices or the content of such sites.

5. Our Use of Cookies, Web Beacons, Web Analytics Services, and Links

  • Cookies. Many of our web pages use “cookies.” Cookies are text files we place in your computer’s browser to store your preferences. Cookies, by themselves, do not tell us your e-mail address or other personally identifiable information unless you choose to provide this information to us by, for example, registering at one of our sites. However, once you choose to furnish the site with personal information, this information may be linked to the data stored in the cookie. We use cookies to understand site usage and to improve the content and offerings on our sites. We also may use cookies to offer you products, programs, or services. You have many choices with regards to the management of cookies on your computer. All major browsers allow you to block or delete cookies from your system. To learn more about your ability to manage cookies, please consult the privacy features in your browser.
  • Web Beacons. Our Company and third parties may also use small pieces of code called “web beacons” or “clear gifs” to collect anonymous and aggregate advertising metrics, such as counting page views, promotion views, or advertising responses. These “web beacons” may be used to deliver cookies that conform to our Company’s cookie requirements.
  • Links. We may create links to other web sites. We will make a reasonable effort to link only to sites that meet similar standards for maintaining each individual’s right to privacy. However, many other sites that are not associated with or authorized by our Company may have links leading to our site. Our Company cannot control these links and we are not responsible for any content appearing on these sites. Since this website does not control the privacy policies of third parties, you are subject to the privacy practices of that third party. We encourage you to ask questions before you disclose any personal information to others.
  • Other. Our Company websites may use third parties to present or serve the advertisements that you may see at its web pages and to conduct research about the advertisements and web usage. This Privacy Statement does not cover any use of information that such third parties may have collected from you or the methods used by the third parties to collect that information.

6. Our Retention of your Personal Information 

We will retain any personal information only for as long as is necessary to fulfil the business purpose it was collected. We will also retain and use your personal information for as long as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

7. International Transfers of your Personal Information

Information collected from you may be stored and processed in the United States or any other country in which our Company or agents or contractors maintain facilities unless prohibited by our agreements with our customers or by applicable law. By accessing our sites and using our services, you consent to any such transfer of information outside of your country. European Union or Swiss individuals may refer to the Privacy Shield statement below with regard to the transfer of their personal data.

8. Your Access to and Updating of your Personal Information

Reasonable access to your personal information may be provided at no cost upon request made to our Company at the contact information provided below. If access cannot be provided within that time frame, our Company will provide the requesting party a date when the information will be provided. If for some reason access is denied, we will provide an explanation as to why access has been denied.

9. Children’s Privacy

Because of the nature of our business, our services are not designed to appeal to minors. We do not knowingly attempt to solicit or receive any information from anyone under the age of 13.  If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us immediately.

10. Your California Privacy Rights

Our Company does not currently respond to browser “Do Not Track” (DNT) signals or other mechanisms. Third parties may collect personal information about your online activities over time and across sites when you visit the site.

If you are a California resident, California Civil Code Section 1798.83 permits you to request certain information regarding our disclosure of personal information to third parties for the third parties’ direct marketing purposes. To make such a request, please contact us by sending an e-mail to privacy@miteksystems.com.

Our site, products, and services are not intended to appeal to minors. However, if you are a California resident under the age of 18, and a registered user of our Site or Service, California Business and Professions Code Section 22581 permits you to request and obtain removal of content or information you have publicly posted. To make such a request, please send an e-mail with a detailed description of the specific content or information to privacy@miteksystems.com. Please be aware that such a request does not ensure complete or comprehensive removal of the content or information you have posted and that there may be circumstances in which the law does not require or allow removal even if requested.

Under California law, California residents who have an established business relationship with us may opt-out of our disclosing personal information about them to third parties for their marketing purposes.

11. Changes to our Privacy Statement

Our Company may amend this Privacy Statement at any time by posting a new version. It is your responsibility to review this Privacy Statement periodically as your continued use of this website represents your agreement with the then-current Privacy Statement.

12. Contacting Us

If you have any questions about this Privacy Statement, the practices or concerns of this site, please contact our Privacy Officer at: privacy@miteksystems.com.

Privacy Shield Statement

Mitek Systems, Inc. and its U.S. affiliates IDChecker Inc. (collectively “Mitek”) comply with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland.

Mitek has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/. If there is any conflict between the policies in this Privacy Statement and the Privacy Shield Principles, the Privacy Shield Principles will govern. This Privacy Statement outlines our general policy and practices for implementing the Principles, including the types of information we gather, how we use it and the notice and choice affected individuals have regarding our use of and their ability to correct that information.

A). Definitions

“Personal Data” means information that (1)is transferred from the EU/EEA or Switzerland to the United States; (2) is recorded in any form; (3) is about, or pertains to a specific individual; and (4) can be linked to that individual.

“Sensitive Personal Information” means personal information that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, trade union membership or that concerns an individual’s health.

B). Principles

Mitek may receive Personal Data from itself as well as from its affiliates and other parties located in the EU/EEA. Such information may contain names, addresses, email addresses, personal information contained on government issued identity documents, biometric data and payment information and may be about customers, clients of customers, business partners, consultants, employees, and candidates for employment and includes information recorded on various media as well as electronic data.

Mitek generally does not collect Personal Data directly from individuals. Mitek, however, may receive Personal Data indirectly via its customers. Mitek expects that those customers comply with the Principles. Mitek will cooperate with its customers to enable them to comply with the Principles, to the extent a Principle is applicable to Mitek.

Whenever Mitek collects Personal Data directly from individuals, Mitek complies with the Principles:

  1. Notice. We shall inform an individual of the purpose for which we collect and use their Personal Data and the types of third parties to which our Company discloses or may disclose that Personal Data. Our Company shall provide the individual with the choice and means for limiting the use and disclosure of their Personal Data. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Data to our Company, or as soon as practicable thereafter, and in any event before our Company uses or discloses the Personal Data for a purpose other than for which it was originally collected. Mitek may be required to disclose Personal Data in response to lawful request by public authorities, including to meet national security or law enforcement requirements.
  2. Choice. We will offer individuals the opportunity to choose (opt out) whether their Personal Data is (1) to be disclosed to a third party or (2) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. For Sensitive Personal Information, our Company will give individuals the opportunity to affirmatively or explicitly (opt in) consent to the disclosure of the information to a third party or for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. Our Company shall treat Sensitive Personal Information received from an individual the same as the individual would treat and identify it as Sensitive Personal Information.
    Agents, technology vendors and/or contractors of Mitek or Mitek affiliates may have access to an individual’s Personal Data on a need to know basis for the purpose of performing services on behalf of Mitek or providing or enabling elements of the services. All such agents, technology vendors and contractors who have access to such information are required to keep the information confidential and not use it for any other purpose than to carry out the services they are performing for Mitek or as otherwise required by law.
  3. Accountability for Onward Transfer. Prior to disclosing Personal Data to a third party, we shall notify the individual of such disclosure and allow the individual the choice (opt out) of such disclosure. Our Company shall ensure that any third party to which Personal Data may be disclosed subscribes to the Principles or is subject to laws providing the same level of privacy protection as is required by the Principles and agrees in writing to provide an adequate level of privacy protection. Mitek may be held responsible in cases of onward transfers to third parties.
  4. Data Security. We shall take reasonable steps to protect the Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction. Our Company has put in place appropriate physical, electronic and managerial procedures to safeguard and secure the Personal Data from loss, misuse, unauthorized access or disclosure, alteration or destruction. However, our Company cannot guarantee the security of Personal Data on or transmitted via the Internet.
  5. Data Integrity and Purpose Limitation. We shall only process Personal Data in a way that is compatible with and relevant for the purpose for which it was collected or authorized by the individual. To the extent necessary for those purposes, our Company shall take reasonable steps to ensure that Personal Data is accurate, complete, current and reliable for its intended use.
  6. Access and Recourse. We acknowledge the individual’s right to access their Personal Data. We shall allow an individual access to their Personal Data and allow the individual to correct, amend or delete inaccurate information, except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons other than the individual would be violated.
  7. Enforcement and Liability. The Federal Trade Commission has jurisdiction over Mitek’s compliance with the Privacy Shield. In compliance with the Privacy Shield Principles, Mitek commits to resolve complaints about privacy and our collection or use of Personal Data. European Union or Swiss individuals with inquiries or complaints regarding this privacy policy should first contact us at:

Mitek Systems, Inc.
Privacy Officer
600 B Street, Suite 101
San Diego, California 92101 USA
E-mail: privacy@MitekSystems.com

For complaints that cannot be resolved between the Company and the complainant, the Company agrees to participate in the dispute resolution procedures of the panel established by the European Union data protection authorities (DPAs) and Swiss Federal Data Protection and Information Commissioner (FDPIC) to resolve disputes pursuant to the Privacy Shield Principles. The EU DPA panel may be contacted at ec-dppanel-secr@ec.europa.eu and the EU DPAs may be contacted directly via the information provided at http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm

Mitek agrees to cooperate with the decisions of the EU DPA Panel and the FDPIC. The services of EU DPAs are provided at no cost to you.

  1. Please note that if your complaint is not resolved through any of the above channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.

C). Amendments

This Privacy Statement may be amended from time to time consistent with the requirements of the Shield Frameworks. We will post any revised policy on this website.

D). Information Subject to Other Policies

We are committed to following the Principles for all Personal Data within the scope of the Privacy Shield Frameworks. However, certain information is subject to policies of Mitek that may differ in some respects from the general policies set forth in this Privacy Statement.

Updated: May 10, 2019