Privacy Policy.

The ID Co. Limited, having a principal place of business at Norloch House, 36 Kings Stable Road, Edinburgh, EH1 2EU (referred to as “The ID Co.” or “we” or “us”) is committed to protecting and respecting your privacy in all its dealings with you.

The ID Co. provides online identity verification services for:

a. You (via the miiCard platform); or

b. Relying Parties (via the DirectID platform) and their users or customers (“Relying Parties” or “Relying Party” are businesses that The ID Co. contract with for DirectID and you share your information with through the DirectID platform).

If you wish to get in touch please contact us at:

For DirectID:

For miiCard:

Relying Parties may request you to verify your personal, identity and financial information through the DirectID platform (which we do on their behalf).

This privacy policy applies to the services owned and/or operated by The ID Co. either on its own behalf (as data controller in terms of data provided through the miiCard platform) or on behalf of Relying Parties (as data processor in terms of data processed using the DirectID platform).

This privacy policy describes how we collect and use the personal information you provide on our web sites, services, tools and APIs. It also describes the choices available to you regarding our use of your personal information and how you can access and update this information. We may check the details you provide with fraud prevention agencies and share your information with them if we suspect fraud. It is important that you don’t provide false, inaccurate information or impersonate another individual.

For the purposes of the Data Protection Act 1998, the data controller is The ID Co., for personal information provided directly to us by you when / in the case of utilising the miiCard service. In the case of personal information provided to us as part of a process instructed by a Relying Party the data controller in terms of the Data Protection Act 1998 shall be that Relying Party (The ID Co. is a data processor in that instance).


Consent and Collected Personal Information

By using our services, you have consented to us using your Personal Data either as data controller or in our capacity as data processor. You understand (which shall include but not be limited to name, address, date of birth, financial data, documents and credit reports). Depending on the Relying Party with whom we contract this may include verifying your identity, understanding your credit risk and affordability, dispute resolution, preventing fraud or other related business activities of both regulated and non-regulated businesses.

If you wish to change your consent at any time, please contact us.

Depending on the service which you have utilised (DirectID or miiCard) you may be provided with a form by us that identifies the records to be withdrawn for processing or may be directed to the relevant Relying Party.

We collect your Personal Data when you use our website and services either as data controller on our own behalf in the case of miiCard platform or data processor in the case of DirectID platform. We commit to doing what we can to make the purpose for which we collect data and in what capacity as clear as possible at all times.

Any personal information we collect will be used by us strictly in accordance with current data protection legislation and this Privacy Policy.


How we might use your information

We collect personal information from you for a number of reasons including processing or registering you as a user of a Relying Party's service in the case of the DirectID platform or providing services on our own behalf in the case of the miiCard platform. Depending on the Relying Party this may include information such as financial, bureau, credit reference agency and other data sources.

Your personal information is either supplied by the Relying Party to us (or captured via DirectID platform), or captured through our miiCard service, where you enter these details directly. Reasons for capturing your personal information include our work for a Relying Party/Parties in the case of DirectID or on our own behalf in the case of miiCard:

a. Verifying your identity

When verifying your identity, we will collect information such as email addresses, usernames and passwords, along with other personal information we will need in order to complete the verification service. This will include, for example, your name, date of birth, your residential address and postcode. This information may be checked against external databases, such as the electoral roll and your credit file, to which we have access for this purpose. We will collect and store a record of the check as well as any additional information you provide, including (but not limited to) aliases, previous addresses and financial associations. This information may be disclosed to the participating Relying Party and authorised Relying Parties through our credit referencing, fraud prevention, risk assessment and identification products.

We may ask you to provide documentation for the purpose of verifying your identity, such as government or other identity documents, utility bills or bank statements.

If false or inaccurate information is provided or fraud is identified, details will be passed to fraud prevention and law enforcement agencies to prevent fraud and money laundering. We may also use this false or inaccurate information to prevent fraud and money laundering, for example when: checking details on applications for credit and credit-related or other facilities; managing credit and credit-related accounts or facilities; recovering debt; checking details on proposals and claims for all types of insurance; checking details of job applicants and employees. We and other organisations may access and use from other countries the information recorded by fraud prevention agencies.

Further details explaining how the information held by fraud prevention agencies may be used can be obtained by contacting us.

b. Processing your requests

As part of the processing of verification requests we will obtain electronic copies of your documents, financial data and credit reference files and this will be stored in a private area accessible only by us and the participating Relying Party (if applicable).

This information may be disclosed to authorised Relying Parties (as the data controller) through our credit referencing, fraud prevention, risk assessment and identification products. We do not share, rent or sell personal information for any reason that is not disclosed in this policy or apparent to you at the time the information is requested except in performing statistical analysis of users’ behaviour as a whole; and to help in the creation of anonymised statistical data which we may use at our discretion (including licensing to third parties).


Your rights to see your personal information / data

You have the right at any time to see the personal data (as defined in the Data Protection Act 1998) that we keep about you, on receipt of a written request, verification of your identity, and details needed to identify your records. If you have been directed to us using the DirectID product then your request in the first instance should be directed to the Relying Party or Parties.

If you would like a copy of or are concerned that any of the personal information we hold on you is incorrect, please do contact us.


How long we keep your personal information

We will only retain your personal information for as long as is required to carry out a particular purpose or meet particular obligations. In some cases this means for at least 7 years to meet compliance requirements or as needed to provide you services depending on the service and Third Party. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes and enforce our agreements. If your account is deleted all personal information will be removed from our systems except for any transaction data, history logs, and records required to comply with our legal obligations, resolve disputes and enforce our agreements.


a. miiCard, you can delete your data at any time by logging in;

b. DirectID, your data is kept as long as required by the Relying Party (the “Data Controller” in that instance). If you wish your data to be deleted or no longer used please contact the Data Controller / Relying Party or ourselves.

Anonymised and behavioural data including data which is used to build market trends and insights as described above may be kept indefinitely.


Third Party Disclosure

As part of providing our services (both in relation to the miiCard platform and in relation to DirectID platform for participating Relying Parties) we may disclose your personal information to authorised Third Party services as defined either by ourselves or the Relying Party to us. This may include disclosure:

  • to selected agents, sub-contractors and third party processing companies for the purposes of market research and for analytical and statistical purposes in connection to the purpose shared during consent;
  • the third party provider with which we work from time to time to process your request;
  • to any Third Party, but only to the extent that we are permitted to do so in accordance with the marketing consent given to us (or the Relying Party) by you, or to the extent we are required to do so by law;
  • to fraud prevention agencies to prevent fraud and money laundering if false or inaccurate information is provided and fraud is identified.


Third Party services are subject to change from time to time, but include at the time of writing:

  • Callcredit Limited for ID Verification, Credit Risk and Fraud Prevention services;
  • Mitek Inc for document authentication services;
  • Equifax Inc for US bureau and related services; and
  • Yodlee Inc for account aggregation services.

We will not disclose your personal information to anyone other than described within this Privacy Policy without your consent either directly or where we are instructed on your behalf to do so by a Relying Party or as required by law.


Auditing and Log Files

As is true of most web sites, we gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data.



The security of your personal information is important to us. We follow best practice industry standards to protect the personal information submitted to us, both during transmission and once we receive it. Commonly referred to as 'bank-level' security this means we use the same encryption standards that you would have with your own bank. We also routinely run security audits to ensure we meet these standards at all times. On top of internal audits, working to the ISO27001 standards, our security is audited by a leading CREST and CHECK certified consultancy.

When you enter sensitive information (such as bank credentials, credit card number) you should always be encrypted using secure socket layer technology (SSL). We will always use such encryption.


Tracking Technologies

Technologies such as: cookies, beacons, tags and scripts are used by The ID Co. and our partners (e.g. marketing partners), affiliates, or analytics or service providers (e.g. online customer support provider). These technologies are used in analysing trends, administering the site, tracking users’ movements around the site and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.

We may use cookies to keep track of your preferences and profile information, to send you more relevant information related to your account, and to allow you to interact with social networking sites. Cookies are also used to collect general usage and volume statistical information that does not include personal information. We use another company to place cookies on your computer to collect non-personally identifiable information to compile aggregated statistics for us about visitors to our site. Users can control the use of cookies at the individual browser level. If you reject cookies, you may still use our sites, but your ability to use some features or areas of our sites may be limited.

We use Local Storage Objects (“LSOs”) such as HTML5 to store content information and preferences. Third parties with whom we partner to provide certain features on our site or to display advertising based upon your web browsing activity also use LSOs such as HTML 5 to collect and store information. Various browsers may offer their own management tools for removing HTML5 LSOs.


More on Cookies

Cookies are small text files of information stored on your computer when you visit certain webpages. The cookie may contain a unique identifier but it does not contain personally identifiable information such as your name or email address. This information may be analysed by third parties on our behalf, but is not sold on to anyone else.

Below is an explanation of the cookies we use and how you can manage these to suit you best:-

a. Understanding how you use the site and service

We use a range of services to understand how you use our websites and services including Google Analytics, Pardot and Chartbeat. This helps us continually improve our service and deliver more relevant and useful content to you.

b. Social Sharing

We have social sharing enabled on our websites and the miiCard product so you can share content on your social networks. If you 'share' our content with friends through social networks – such as Facebook, Twitter and LinkedIn - you may be sent cookies from these 3rd party websites. We don't control the setting of these cookies, so we suggest you check the 3rd party websites for more information about their cookies and how to manage them.

c. Session

In order to maintain the flow of our services several small cookies are stored to track the service state and persist local references. These cookies have no personally identifiable information and are used in several scenarios to provide a cleaner and more consistent experience. Generally these cookies have a short lifespan and all are restricted to use by our services.

d. Behavioural and Retargeting

The ID Co. collects data about your activities that does not personally or directly identify you when you visit our websites. This information may include the content you view, the date and time that you view this content, the products you view or purchase, or your location information associated with your IP address. We use the information we collect to serve you more relevant advertisements (referred to as “Retargeting”). We collect information about where you saw the ads we serve you and what ads you clicked on. We also use cookies to confirm that a sale has occurred and will exclude customers from further advert Retargeting. For tools and downloads to opt-out of Google Analytics tracking please visit Google Analytics Opt-Out.

e. Google AdSense/Adwords

We use Google AdSense/Adwords to publish ads on our websites. When you view or click on an ad a cookie will be set to help better provide advertisements that may be of interest to you on this and other websites. You may opt-out of the use of this cookie by visiting Google’s Advertising and Privacy page here.

f. Managing cookies

To accept cookies when browsing our websites simply accept cookies in the message that appears on the bottom of your screen. To disable cookies please adjust your browser settings. Each browser is different, so check the 'Help' menu of your particular browser (or your mobile phone's handset manual) to learn how to change your cookie preferences. The Help menu on the toolbar of most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, and how to disable cookies altogether.


Changes to our privacy policy

We may need to modify this privacy policy at any time, so please review it frequently. We will post a revised version of this Privacy Policy on the Website. We urge you to check the Privacy Policy regularly to obtain the most up to date copy. Updated versions of our Privacy Policy will be effective immediately when they are posted on the Website.

This Privacy Policy is v.24 published on 18 May 2017.


Contact Us

If you have any comments or queries in connection with our Privacy Policy, please email:

For DirectID:

For miiCard: