HID PIV-I SERVICE PRIVACY POLICY
Effective Date: 13 June 2011
Date Last Updated: 13 June 2011

ActivIdentity, Inc. ("ActivIdentity") provides this HID PIV-I Service ("PIV-I Service") privacy policy in order to demonstrate our commitment to privacy. We recognize the importance of safeguarding your personally identifiable information, and we want you to feel confident about your information's privacy when you provide ActivIdentity with that information.

This privacy policy applies to information collected by ActivIdentity on this website at the URL http://piviservice.hidglobal.com/ ("Site") and otherwise through the PIV-I Service. By using the PIV-I Service, you consent to the collection, use, and storage of your personally identifiable information as described in this privacy policy.

Information Collection and Use

ActivIdentity collects no personally identifiable information about you when you generally visit our Site. If you choose to fill in the contact us form, complete the PIV-I Service customer application process or subscriber registration and enrollment process, we will collect your personally identifiable information as set forth in this privacy policy.

If you complete the contact us form on the Site, we will collect your name, company name, title, address, email, phone number and any other personally identifiable information that you choose to provide to us. As a government contractor that engages with ActivIdentity to issue PIV-I cards ("Customer"), we will collect the following personally identifiable information from you as part of the PIV-I Service customer application process: your name, company name, title, address, email and phone number as well as the names and emails of your employees that will receive PIV-I cards ("Subscribers"). We will use such personally identifiable information to respond to your inquiries and to provide our PIV-I Service to you. We will use your Subscribers' names and emails to send them an email inviting them to register as a Subscriber on the Site to receive their PIV-I card.

When a Subscriber registers on the Site, we will collect their full name, preferred name for their card, phone number, email, optional Customer-provided name, date of birth, place of birth, Subscriber chosen PIN and employee number. Once a Subscriber has registered on the Site, the Subscriber will be required to schedule an appointment to visit an enrollment center. At such appointment, the Subscriber will be required to provide 2 forms of government issued identification (such as a state issued driver's license or passport), have their picture taken, and fingerprints scanned and we will collect this information from them. Once we notify the Subscriber that their PIV-I card is ready for them to pick-up, the Subscriber will be asked to schedule another appointment. At this second appointment the Subscriber can activate their PIV-I card using their PIN and fingerprints. We will use the Subscriber's personally identifiable information that we collect to provide the PIV-I Service and to contact the Subscriber in conjunction with the PIV-I Service (such as, when the card is lost or revoked). Customers and Subscribers are solely responsible for selecting the Government agencies and other organizations that they provide their PIV-I cards to for enrollment and access to facilities, information systems, networks, etc. As required by the Government FIPS 201 standard, all personally identifiable information stored on PIV-I cards is protected by the Subscriber's PIN, i.e., the Subscriber's personally identifiable information cannot be read by any system until the Subscriber enters their PIN. ActivIdentity does not make any claims about which Government agencies or organizations will accept PIV-I cards. ActivIdentity does not transmit any personally identifiable information to those Government agencies or other organizations selected by Customers and Subscribers. The sole means for a Subscriber to share their personally identifiable information with a selected Government agency or other organization is by presenting their PIV-I card for electronic authentication and entering their PIN. As required by the Customer Agreement between ActivIdentity and the Customer, Customers and Subscribers are responsible for protecting their PIN and must notify ActivIdentity if their PIN is compromised.

Children's Privacy

ActivIdentity recognizes the privacy interests of children and we encourage parents and guardians to take an active role in their children's online activities and interests. This Site is not intended for children under the age of 13. ActivIdentity does not target this Site or its services to children under 13. ActivIdentity does not knowingly collect personally identifiable information from children under the age of 13.

Disclosure

ActivIdentity is required by the United States Federal Government to compare some of the information you choose to provide us with information contained in a third-party database or with some other third party source. We do this comparison in order to authenticate your identity and other attributes, and also to prevent identity theft. We have confidentiality agreements in place with these third-party database providers restricting the use of your information solely to perform the services on our behalf and restricting further disclosure of your information. In certain limited situations, we have contracts in place permitting the third-party database to disclose the information to its subcontractors or affiliates, but only for authenticating your identity and only in accordance with confidentiality agreements. By becoming a PIV-I Customer or Subscriber and providing your personally identifiable information during the application process, you specifically consent to this disclosure and use of your personally identifiable information.

We also may provide your personally identifiable information and the data generated by cookies and the aggregate information to the vendors and service agencies that we may engage to assist us in providing our services to you for their use solely to provide us with such assistance.

From time to time, we may purchase a business or sell one our business (or a portion thereof) and your personally identifiable information may be transferred as a part of the purchase or sale. In the event that we purchase a business, the personally identifiable information received with that business would be treated in accordance with this privacy policy. In the event that we sell a business, we will use reasonable efforts to include provisions in the selling contract requiring the purchaser to treat your personally identifiable information in substantially the same manner required by this privacy policy (including any amendments).

We may also disclose your personally identifiable information as set forth in the "Disclosures Required by Law" Section below.

Cookies, Aggregate Data and Other Tracking Technologies

The Site pages use "session cookies" or their equivalent to temporarily store information about your visit and to track transactions while you are online. Session cookies expire automatically after you leave the Site and the information is discarded and non-retrievable. "Persistent cookies" - sometimes used to track user activity over multiple sessions and/or web sites - are not used on this Site.

If you register online using our Site, we also may collect and store certain information about your visit automatically including: 1) internet domain and IP address from which you access our Site; 2) the date and time you accessed our Site; and 3) the pages you visit. We also may collect general demographic and profile data at our Site from time to time. We will use this non-personally identifiable data in order to better understand and assist our customers and to help improve our Site and services. This data is used only in anonymous and aggregate form and does not identify you or your personal details.

Data Security

Wherever your personally identifiable information may be held within ActivIdentity or on its behalf, we take reasonable steps to protect the data that you share with us from unauthorized access or disclosure. ActivIdentity trains employees on its privacy policy guidelines and makes the privacy policy available to its business partners. In addition, ActivIdentity and its business partners enter into confidentiality agreements that require that care and precautions be taken to prevent loss, misuse, or disclosure of your personally identifiable information. It is important for you to protect against unauthorized access to your online account password and to your account. Be sure to sign off your account when finished using a shared computer.

In addition, ActivIdentity takes precautions to protect user information on the Site: ActivIdentity uses industry-standard security measures, such as firewalls and Secure Socket Layer (SSL) technology, that are reasonably designed to safeguard the confidentiality of users' personally identifiable information. We store user information on secured servers that can only be accessed by authorized personnel.

Data Integrity

ActivIdentity processes personally identifiable information only in ways required to operate and provide our PIV-I Service. To the extent necessary for such purposes, we take reasonable steps to make sure that personally identifiable information is accurate, complete, current, and otherwise reliable as set forth in the "Disclosure" Section above and by enabling you to access your account and update your personally identifiable information. At such as time as ActivIdentity determines that it no longer requires your personally identifiable information in connection with the PIV-I Service, your personally identifiable information will be permanently deleted.

Disclosure Required by Law

We may cooperate with law enforcement agencies in identifying users who use the Site or our services for illegal activities. Therefore, we respond to subpoenas, warrants, or other court orders regarding information concerning any user. We will, at our discretion, disclose information, including your personally identifiable information, if we reasonably believe that we are required to do so by law, that such disclosure is necessary to protect us from legal liability, or that we should do so to protect the integrity of the Site or the service.

Policy Changes

This privacy policy may be updated from time to time as our services change and expand. We suggest that you review it periodically. In the event of a change, we will post a change notice on this Site and we will attempt to notify you of such changes through contact information you provide to us. If we amend the policy, the new policy will apply to personally identifiable information previously collected only insofar as the rights of the individual affected are not reduced.

Users Outside of the United States

Our computer systems are currently based in the United States, so your personally identifiable information will be processed by us in the U.S. where data protection and privacy regulations may not offer the same level of protection as in other parts of the world, such as the European Union. If you create a user account with the Site or provide personally identifiable information to us through your use of the PIV-I Service, as a visitor from outside the United States, you agree to this privacy policy and you consent to the transfer of all such information to the United States, which may not offer an equivalent level of protection of that required in the European Union or certain other countries, and to the processing of that information as described in this privacy policy.

Inquiries and Suggestions

If you require further information or if you have any questions or concerns about our privacy policies and procedures, please contact us at:

    ActivIdentity, Inc.
    c/o Privacy Manager
    6623 Dumbarton Circle
    Fremont, CA 94555 USA
    privacy@actividentity.com

We investigate all the concerns we receive and take appropriate measures to ensure that our practices are as stated in this privacy policy.