Last updated: 22 August 2023
Simprints has customizable Privacy Notices inbuilt into our Simprints ID (SID) mobile application that Controllers can upload and amend as appropriate.
Unless permitted by applicable law or consent has been given with clear affirmative action by parents, legal guardians, or caregivers, you must not permit any child under the age of 13 to access Simprints’ services.
If Simprints in its capacity as Controller learns that a minor has submitted personal data without consent from a parent, legal guardian, or caregiver, we will attempt to locate and delete the information within 30 days.
This may vary depending upon the project and its nature; the Controller’s identity will always be communicated to you as part of the consent statement, privacy notice, or other material given to you when you provide us with personal data. Regardless of our role, we take our responsibilities very seriously in protecting the privacy, confidentiality, and security of your personal data. We do not collect more personal data than we have to and will always have a valid reason and lawful basis for processing.
Data That We Control
Where Simprints is the Controller, we will only collect and use your personal data in line with the original purpose. We strictly adhere to the data minimization principle and will not collect more personal information than we have to.
Simprints will verbally and in writing provide you with a Service-specific Privacy Notice at the point of in-person data collection. This will include the identity and role of any third parties involved in the project you are engaging with. Other than those partners (and our service providers) identified in these Service-specific Privacy Notices or this document, we will never share your personal data without your consent (unless required to by law) nor will we sell your information onto a third party.
Data Retention Period For Data That We Control
Simprints will not retain your personal data for longer than is strictly necessary for us to achieve our original purpose unless required to by law. The data retention period and its criteria are dependent on the types of personal data, sensitivity, potential risks and the purpose for which it was provided.
Your personal data may be deleted before the data retention period if we receive a formal request for data deletion and that you have withdrawn consent for any future communication from Simprints.
Lawful Basis For Data That We Control
Depending upon the data we collect from you, Simprints and / or its partner may use a variety of routes in law - the ‘Lawful Basis’ - to process data that relates to you. This section outlines when these may be used.
Lawful Basis: Consent or Legitimate Interests
For example, Simprints may collect your personal data as part of your access and use of its Website, social media platforms, SID mobile application, Vero 1.0 or Vero 2.0 scanners, conversations or correspondence with its Employees, events registration, Simprints’ subscriptions such as external newsletters or publications, as well as information collected as part of a complaints mechanism or inquiry.
Where Legitimate Interest is the basis chosen for this data, it will be for the Interest of undertaking Simprints’ various program activities in order to further work in Public Health, Development, and Sustainable Development Goals, and other commercial, research, and partnership objectives supporting this work.
Lawful Basis: Legitimate Interests or Public Task
Biometric data is more sensitive and therefore warrants extra protection in addition to a Separate Condition for Processing. Please see below:
|Special Condition for Processing||Purpose|
|Health or Social Care||Some 850 million people are invisible in the eyes of the economy as they have no formal type of identification. Simprints can actively enrol individuals giving them a biometric ID, which helps them unlock access to life-saving healthcare treatment and services, as well as accurately identifying and verifying their identity in the future. This may for example include Maternal and Child Health Services.|
|Public Health||Simprints is dedicated to strengthening areas of public health, especially serious cross-border threats to health such as malaria. With the new malaria vaccine for children, Simprints can help partners verify the delivery of vaccines and strengthen healthcare systems.|
|Archiving, Research and Statistics||Simprints conducts research in order to improve service delivery and help strengthen technology for development efforts.|
Simprints SID mobile application and Vero 1.0 and Vero 2.0 scanners allow us to collect either / both biometric templates or / and images. We will always ask for your consent and inform you verbally and in writing in our Privacy Notice about what data is being collected, what our purpose and separate conditions for processing are, what our data retention period is, where we are storing your data, who our Sub-processors are, as well as your rights.
Where Simprints is the Controller, we will always give you the option of an alternative form of identification if you do not consent to your biometric information being taken, ensuring you can access essential services and programs.
Where Legitimate Interest is the basis chosen for this data, it will be for the Interest of undertaking Simprints’ various program activities in order to further work in Public Health, Development, and Sustainable Development Goals, and other commercial, research, and partnership objectives supporting this work - in particular, where the objectives of the project cannot be met without using biometric information which identifies the participants in question.
Lawful Basis: Legitimate Interests
Simprints relies on legitimate interest as its lawful basis to collect, process, and store business / financial information on our Partners, Funders, Sub-Processors, or Suppliers in order to be able to pay the entities or be paid by them for our Services. This may include, but is not limited to details of bank accounts and company representatives.
Recruitment and Employee Information
Lawful Basis: Consent, Contract, or Legal Obligation
Simprints holds personal data on past, current, and future employees in order to enter into employment contracts or because we have legal obligations to hold it for taxation purposes. This may include, but is not limited to education and previous employment details, proof of income, contact details, and details supporting mitigating circumstances.
Where Legitimate Interest is the basis chosen for this data, it will be for the Interest of undertaking Simprints’ various commercial, research, business, and partnership objectives supporting its work to further the implementation of the Sustainable Development Goals and undertake other programmatic work supporting the treatment of preventable health conditions, implementation of humanitarian aid or development assistance.
Where Simprints is the Processor, we will only act on behalf of the written instructions of the Controller. Simprints is not responsible for how the Controller handles personal information collected through our Services, including compliance with UK GDPR or applicable law.
Metadata about ongoing projects may be used in either aggregated, pseudonymized or tokenized formats with the permission of the Controller. At the end of projects, this Metadata may be anonymised and used internally by Simprints to improve our Services.
Simprints is a registered UK-based entity and is therefore subject to the Data Protection Act 2018 and the UK GDPR, which regulate various aspects of its processing, including the security of processing. We take the security of your data very seriously, and implement an Information Security Management System which ensures that we apply the right controls - including independent security testing and encryption - which safeguard your data.
Our service providers such as Google have been certified compliant with ISO/IEC 27018 for Google Workspace and Google Cloud and meet high international standards.
Special category data, specifically the biometric data is encrypted end-to-end. Biometric data sent to our cloud for storage where only an authorized number of Simprints Employees have access.
Simprints’ main information systems are located within either the USA (United States of America) or within Europe and accessed by Simprints’ Employees, who may be located in regional hub centres.
Where the Controller is located in a third country, personal data may sometimes be stored on local servers. Simprints may transfer personal data to entities in countries that are deemed to have an adequate level of protection (‘adequacy decision’) by the UK. In the absence of adequacy regulations for the transfer of personal data to a third country, Simprints will ensure that appropriate safeguards and enforceable rights are made available.
Simprints employs various third parties who may from time to time store, process, or analyse data. These for example include Google Cloud Platform, SurveyCTO, and Salesforce.
Simprints will not generally transfer data to other third parties - such as law enforcement, other implementation providers, etc - other than as required or permitted to by law or outlined in a Service-specific Privacy Notice. Where possible, if we are requested or compelled to transfer data to a third party for law enforcement or investigative purposes, we will contact you first.
Cookies help our Website to run properly and to collect anonymous site statistics that will help Simprints to improve its user experience and performance. For more information about Cookies, please visit http://www.allaboutcookies.org.
Please note that some of our pages display content from external providers, including but not limited to Twitter, YouTube, Linkedin, Webflow, Workable, and others. Simprints does not control how third-party cookies are used. Please refer to individual third-party cookie providers for more information about their Privacy and Cookie Policies.
Exercise Your Rights And Opt-out
We strictly operate on an opt-in basis except for Essential cookies that are activated without your consent as they are necessary for our Website to properly and securely run.
If you do consent to non-essential cookies, but later change your mind, you can customize and withdraw your consent at any point in time (except for Essential cookies). Please click on the bottom left pop-up button, which will take you to the Privacy Preference Center where you can then select “Reject all cookies” or customize according to your preferences.
You can also disable cookies through your web browser. Please see the below links for more information on how to do this on the most commonly used browsers:
The Specific Cookies We Use
|_ga_QM838G5Z8X||Google Analytics||Used to persist session state||2 years|
|_ga||Google Analytics||Used to distinguish users||2 years|
|fs-cc||Webflow||Used for the consent pop-up||6 months|
|fs-cc-updated||Webflow||Used for the consent pop-up||6 months|
The personal data is yours, not ours. Simprints will only do what you tell us we can do with your personal data and we will respect your preferences and instructions. Unless the law tells us that we have to act differently, we will always abide by your preferences.
The rights of Data Subjects are qualified, but we aim to respond to requests to access and correct (if necessary) any personal data without undue delay. These rights include:
You also have the right to complain about the use and treatment of your data - both to our Data Protection Officer, and also to an independent regulator such as the Information Commissioner’s Office in the UK.
Please contact our Data Protection Officer at email@example.com if you wish to exercise your rights.
We encourage you to periodically review this page to remain informed of our latest privacy practices. If you have any questions, concerns, or wish to receive further information, please contact our Data Protection Officer at firstname.lastname@example.org.