Error

Biometric Data Consent Form

Version 3.4

Download

Table of Contents

    Biometric Data Consent Form

    Summary.

    This summary is intended to help you quickly understand what you are being asked to agree to when you sign up at an Orb. If you would like more information, please review the full text of the consent, provided below.

    You do not have to agree to this Biometric Data Consent Form in order to take part in the Worldcoin project.

    PLEASE NOTE: If you decide to sign-up with an Orb we will create a unique Iris Code (as defined below) that cannot be deleted anymore (if we were to delete it, the proof of uniqueness would not work ).

    Here are your options:

    Options

    Impact

    Specifics

    #1.

    Don’t Agree to this Biometric Data Consent Form

    No Data Collected at Orb, Limited Functionality

    You can create an account and establish a wallet in the App, but you will not be able to use certain features in the App, such as claiming your share of WLD for free or establishing a unique, portable digital identity. Like every user, you still must agree to the Privacy Notice and User Terms and Conditions.

    #2.

    Agree to this Biometric Data Consent Form, but Do Not Enable (“Opt out of”) Data Custody

    Data Collected at Orb, Data Temporarily Stored and Locally Processed, Full Functionality but potentially Some Inconvenience

    You allow us to collect images of your irises, eyes, and face when you sign up at an Orb. The Image Data is deleted after the Orb creates the IrisCode based on your iris image. We do not retain or transfer the Image Data to our database. The Image Data will not be transferred out of the Orb. You may, however, later need to revisit an Orb so that your IrisCode can be reverified as we update our algorithms.

    #3.

    Agree to this Biometric Data Consent Form and Enable (“Opt Into”) Data Custody

    Data Collected at Orb, Data Transmitted and Stored on Server, Full Functionality

    You allow us to collect images of your irises, eyes, and face when you sign up at an Orb. Further, you allow us to store this information and transfer this data to our teams in the European Union and the United States, for the purpose of training our algorithms, as detailed below. You will have full functionality and may not need to revisit an Orb if we update the algorithms. Plus, you will help us to build and improve our product.

    You can withdraw your consent to this Biometric Data Consent Form at any time by using our request portal found at worldcoin.org/requestportal.



    You cannot provide your biometric information at the Orb without reading the full disclosure and signing the consent form. You cannot provide your biometric information at the Orb if you are a resident of the state of Illinois, Texas, or Washington or the cities of Portland, Oregon or Baltimore, Maryland.

    We are excited that you have decided to expand your participation in the Worldcoin community! Worldcoin is an open-source protocol, supported by a global community of developers, individuals, and other contributors. Privacy is in our company’s DNA. We provide a proof of uniqueness and humanness (Proof of Personhood) that requires as little data as possible. No passport, no official documents are required. We do not even want to know your name.

    Tools for Humanity Corporation, along with its German subsidiary Tools for Humanity GmbH (together, “TFH” or “we,” “us”), is contributing to the initial development of Worldcoin. Our processing (collection, use, storage, disclosure, and deletion) of your personal data is governed by two documents: the Privacy Noticeand this Biometric Data Consent Form. The Privacy Notice covers data collected via our website, application, and other services, while this Biometric Data Consent Form describes how we process your biometric data collected through our Orb device. These documents work together, and both are important for understanding how your privacy is affected by participating in the Worldcoin project. The Privacy Notice and this Biometric Data Consent Form are incorporated into and governed by the User Terms and Conditions.

    Further, we adhere to the principles of the EU General Data Protection Regulation (“GDPR”) for privacy matters. For example, even if your country has data privacy laws that are less protective than the GDPR, we still process your data in accordance with GDPR. We will also only use your data for the purposes stated below in Section 2.2 (and Section 3.4 if you enable Data Custody), even if the data privacy laws in your country would not otherwise limit how we use your data.

    This Biometric Data Consent Form is comprised of three parts:

    1. Background on the Worldcoin project;
    2. Consent to processing of biometric data;
    3. Enabling Data Custody; and
    4. The statutory rights under GDPR.

    1. Background.

    1.1 The Worldcoin Project.

    Worldcoin is building a solution—a privacy preserving identification system designed to give everyone in the world access to the global digital economy. We call it World ID. “Worldcoin'' is the name currently used for both the underlying blockchain protocol where transactions take place and the specific digital token (abbreviated to “WLD”). To make Worldcoin accessible and equitable, we will allow everyone to claim a share of WLD for free. For the project to succeed, though, we must address the problem of online duplicate and fake accounts (like bots), while protecting your privacy and the security of your data. As a result, we have set out to use iris images to establish unique human identities and, more broadly, to create an application that can confirm a human presence based on iris images. You can read more about the Worldcoin project at its website (worldcoin.org).

    1.2 The Orb.

    To implement secure verification, we have developed a proprietary device called the Orb. It confirms you are a “unique human” without requiring you to provide any identity documentation or other information about who you are. The Orb captures a series of high-resolution images of your eyes (specifically, your irises) and face (both your head and shoulders).

    1.3. The Controllers

    The joint data controllers are:

    • Tools for Humanity Corporation, 548 Market Street, PMB 49951, San Francisco, CA 94104 USA, and
    • Tools for Humanity GmbH, Allee am Röthelheimpark 41, 91052 Erlangen, Germany

    The details of the joint controllership arrangement are as follows: Tools for Humanity Corporation is primarily responsible for developing, operating, and supporting the Services, including responding to data subject requests and complying with any statutory obligations. Tools for Humanity Corporation is also responsible for the day-to-day business activities such as people operations and recruitment.

    TFH Germany is primarily responsible for developing and training the algorithms, building and managing the data flows from the Orb to our servers, and general oversight on the Orbs and the Orb Operators.

    To the user, both entities act as a single entity. Users can contact either entity for any processing activity. In the relation to the user both entities declare themselves equally responsible for any activity.

    2. Consent to the Processing of Biometric Data.

    2.1 Data We Collect.

    With your consent, we collect the following biometric and personal data using the Orb:

    • Images of your irises and your eyes. These images are collected in the visible and near-infrared spectrum. As described in Section 2.3, below, the algorithm is not perfect and may make mistakes, such as erroneously determining that you have already signed up at an Orb and claimed your free share of WLD.
    • Images of your face. These images are also collected in the visible, near-infrared, and far-infrared spectrum. We also collect (3D) depth images. The images are used to confirm you are a human being, and therefore help detect and prevent fraud, and train the fraud prevention algorithm (together these facial images and the iris images are referred to as “Image Data”).
    • Derivatives of the above data. We use complex state of the art algorithms and our own neural networks to create numerical representations (Derivatives) of the above images to enable machine comparisons and interactions between them. These derivatives are strings of numbers (e.g., “10111011100…”) that entail the most important features of the images. It is not possible to fully reverse the Derivatives to the original image. Most importantly, we use our custom version of the Daugman Algorithm to calculate such a string of numbers from the iris image (“Iris Code”). This Iris Code is used to ensure that users can only sign-up once.

    Important! We are collecting these images to determine whether you are a unique human. In other words, the system is designed to confirm that you are a real human (liveness) and that this is the first time you have visited an Orb (uniqueness). We do not use the data to know who you are.

    The data we collect (described above) may or may not be considered biometric data depending on the applicable laws where you live. However, we treat them as biometric data and handle them with extra security and care. The legal basis to collect the images is your explicit consent. The legal basis to calculate derivatives of those images (like the Iris Code) is your explicit consent. The legal basis to store the Iris Code is our legitimate interest — namely, our interest to defend ourselves against fraudulent users that illegally try to sign-up more than once.

    2.2 What We Do with This Data.

    With your consent, we use the above data for the following purposes only (unless you enable Data Custody, described below):

    • Calculating Iris Codes;
    • Comparing your Iris Code against other Iris Codes; and
    • Security and fraud prevention. This includes:
      • Detecting whether a user is a living human being which includes checking whether the detected faces temperature matches a normal human body temperature;
      • Detecting whether a signup shows an unaltered, unobstructed, natural human iris which includes checking whether the face changes during the sign-up; and
      • Detecting whether the person has already appeared in front of the Orb which includes processing locally stored derivatives of face images.

    After the sign-up all images are deleted immediately. They never leave the RAM of the Orb. All calculations take place locally on the Orb. Derivatives of the images are deleted as soon as their purpose is fulfilled.

    We do not share the images or derivatives of the images with anyone not working on the Worldcoin project

    2.3 Accuracy.

    The algorithm software uses probabilities to determine whether you have signed up at an Orb before. It is not perfect. As a result, it may mistakenly conclude that you have already signed up at an Orb (and claimed free WLD) before. At this time, we do not have a way for users to report suspected errors or to contest the algorithm’s determinations. By agreeing to this Biometric Data Consent Form, you provide your consent to this automated decision making.

    2.4 Consent to this Biometric Data Consent Form is Not Required to Participate in Worldcoin.

    You do not have to agree to this Biometric Data Consent Form in order to take part in Worldcoin. You can still create an account and establish a Worldcoin wallet without providing this consent, though you will still need to agree to the Worldcoin User Terms and Conditions and Privacy Notice. Further, if you choose not to agree to this Biometric Data Consent Form, then you will not be able to participate in certain aspects of Worldcoin, such as receiving a small amount of WLD for free or establishing a unique, portable digital identity.

    2.5 Withdrawing your Consent

    You can withdraw your consent at any time by contacting us at:

    The Worldcoin Request Portal at worldcoin.org/requestportal, or

    548 Market Street, PMB 49951, San Francisco, CA 94104 USA

    You can also delete your data from within the App under the Settings menu. If you withdraw your consent, then we will no longer use your data for the purposes stated above.

    3. Enabling Data Custody.

    3.1 Current Status of the Worldcoin Project: The Field Test.

    We are still working to improve the operation of the Orb and to advance the hardware and software systems that determine if someone is eligible to receive a free share of WLD. We call this stage of our development the Field Test.

    To improve the accuracy of the system’s eligibility determinations, we need to continue training our algorithm software. “Training” means using images from real people like you to help the software “learn” to distinguish humans from non-humans and differentiate one person from everyone else. As the software is trained and gets better, we will update it from time to time. When that happens, we may need to re-verify your unique digital identity, which would require using your iris image again.

    3.2 Data Custody.

    If you consent to this Biometric Data Consent Form, in the App you will be asked to “Enable Data Custody.” If you choose to opt into Data Custody, you will allow us to:

    1. Hold onto Image Data collected by the Orb during the Field Test;
    2. Send the Image Data to our teams in the European Union and the United States; and
    3. Use the Image Data to continue developing and improving the software, as described below.
    4. Label your Image Data with the perceived and approximated gender, age range, and skin color to train on algorithmic fairness in light of the diversity in the world.

    This will likely help you avoid some inconvenience because, if we have your Image Data, then you will not need to return to an Orb to re-verify your digital identity when we update the software. It will also help us because we can then use your Image Data to make the system better and bring Worldcoin to the world faster. Again, you are not required to Enable Data Custody, but doing so may help you and us, and so is greatly appreciated.

    3.3 Data We Collect When You Enable Data Custody.

    With your consent to the Biometric Data Consent Form, we collect images of your irises and images of your face, as described in Section II.1 above. The Image Data we collect does not change if you agree to Data Custody.

    3.4 What We Do With the Data When You Enable Data Custody.

    When you agree to the Biometric Data Consent Form, we use the above data for the purposes described in Section 2.2. When you also enable Data Custody, we use the data for the following additional purposes:

    • Automatically upgrade your IrisCode in the event we update our the algorithm that calculates Iris Codes;
    • Optimizing and improving the IrisCode and Derivatives calculation;
    • Labeling the collected data
    • Using data to train and select labeling staff;
    • Developing and training algorithms to recognize, segment and differentiate among images of human irises and faces;
    • Test the algorithms against the human labeled results;
    • Detecting and removing bias from our algorithms (such as training on algorithmic fairness using the approximated gender, age range, and skin color);
    • Developing, training, and testing a system to detect whether a user is a human presenting a real human eye and whether a signup is valid;
    • Developing, training, and testing models that use artificial iris images for further training of algorithms;
    • Developing, training, and testing models that improve the Orb performance and user experience; and
    • Training and evaluating personnel who work on these systems.

    We will never sell your data. We will also not use any data listed in this form to track you or to advertise third parties’ products to you.

    3.5 Whom We Share the Data With When You Enable Data Custody.

    When we share your data outside of TFH, we will always:

    • Share it in a reasonably secure way;
    • Take steps to ensure that it is handled in a manner that is consistent with our commitment to your privacy; and
    • Prohibit other companies from using it for their own purposes.

    If you enable data custody we do share your data in these limited ways:

    • With Worldcoin: We may disclose data with the Worldcoin Foundation or a subsequent organization responsible for promoting and furthering the mission of the Worldcoin project.
    • Within TFH: We only disclose data to our team members who require access in order to perform their tasks and duties. We only disclose as much data as is needed to perform specific tasks and duties and have a system of strict access control.
    • With vendors and service providers outside of TFH: We only disclose data to service providers whose services we rely on in order to process the data and provide our Services to you. We only disclose data with identity verification vendors if required by Law (i.e., know-your-customer requirements).
    • The categories of such service providers are:
      • Cloud service providers (all data types)
      • SaaS providers; we use SaaS products in the following categories:
        • Database and infrastructure management
        • Data security
        • Data subject request management
        • Technical support
      • External experts
        • Specialist software developers
        • Legal specialists
      • Labeling service providers

    3.6 Transfer of Data, including Possible Risks.

    When you enable Data Custody, and therefore allow us to use your data for the purposes described above in Section 3.4, we generally send the data to our Research and Development (“R&D”) teams, and this may result in your data being transferred outside of the country where it was collected. These teams are currently located in the European Union (currently Germany and Poland) and the United States. Our Privacy Notice explains how we protect and comply with cross-border data transfer laws. Section 6 of the Privacy Notice laid out the risks related to such cross-border data transfer.

    We store the Image Data in regional buckets in the EU, the US, Brazil, India, Singapore, and South Africa. If you sign up in these countries your data will be stored there. If you sign-up in other countries your Image Data is stored in one of the buckets based on latency and availability of the network. For example:

    • If you sign up to the Worldcoin project in the EEA or the UK, then your Image Data is stored in the EU.
    • If you sign up in Kenya, Uganda, Ghana, or Nigeria, then your Image Data may be stored in South Africa or in the EU, depending on the latency at the time of your sign-up.
    • If you sign up in Indonesia, then your Image Data may be stored in Singapore or in India, depending on the latency at the time of your sign-up.
    • If you sign up in Mexico, then your Image Data may be stored in the US or in Brazil, depending on the latency at the time of your sign-up.
    • If you sign up in Chile, Argentina, or Columbia, then your Image Data is likely stored in Brazil.

    For Machine Learning purposes all Image Data will then be further transferred and stored in the European Union and the United States.

    Below is a list of possible risks that may arise if we transfer your data to the United States, the European Union, or another country. Below we also summarize how we mitigate the respective risks.

    • While we do what we can to ensure that our processors or (i.e. “subcontractors”) are contractually obligated to adequately protect your data, these subcontractors may not be subject to the data privacy law of your country. If the subcontractors were to illegally process your data without authorization, then it may be difficult to assert your privacy rights against that subcontractor. We mitigate this risk by having strict data processing agreements with our subcontractors that oblige them to protect the data at a GDPR level and to fulfill subjects’ requests.
    • It’s possible that the data privacy law in your country is inconsistent with the data privacy laws in the U.S. or in the E.U. We always try to adhere to the highest standard of data protection we are subject to. So far, we found this to be GDPR and are treating all data as if it were governed by GDPR.
    • It may be possible that your data will be subject to governmental access of officials and authorities. In those cases we have committed ourselves to challenge any invalid, overbroad, or unlawful governmental request to access in court. We further use advanced encryption to hinder unauthorized access.

    Please note that this list contains examples, but may not include all possible risk factors.

    Please note further that there is no adequacy decision from the EU for data transfers to the USA.

    The European Union Commission responsible for making determinations of the adequacy of the Privacy Laws of other jurisdictions in comparison to the GDPR has not yet positively established that the country-specific level of personal data protection in the United States, where part of your data is processed, provides the same level of protection as the Privacy Laws in the European Union.

    We will not sell, lease, trade, or otherwise profit from your biometric data.

    3.7 Retention of Data.

    We will retain the Image Data until the development and improvement of the algorithm has concluded or as required by law or regulation. In any case, we will delete the Image Data upon your request.

    4. The statutory rights under GDPR

    This section applies if the processing of your data falls under the GDPR’s scope of application (e.g., if you are a resident of the European Economic Area). You may have additional rights under GDPR as listed below. To exercise your rights available under GDPR, please contact us at worldcoin.org/requestportal.

    • You have the right to obtain from us at any time upon request information about the personal data we process concerning you within the scope of Art. 15 GDPR.
    • You have the right to demand that we immediately correct the personal data concerning you if it is incorrect.
    • You have the right, under the conditions described in Art. 17 GDPR, to demand that we delete the personal data concerning you. These prerequisites provide in particular for a right to erasure if the personal data are no longer necessary for the purposes for which they were collected or otherwise processed, as well as in cases of unlawful processing, the existence of an objection or the existence of an obligation to erase under Union law or the law of the Member State to which we are subject.
    • You have the right to demand that we restrict processing in accordance with Art. 18 GDPR.
    • You have the right to receive from us the personal data concerning you that you have provided to us in a structured, commonly used, machine-readable format in accordance with Art. 20 GDPR.
    • You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out, inter alia, on the basis of Article 6 (1) sentence 1 lit. f GDPR, in accordance with Article 21 GDPR.
    • You have the right to contact the competent supervisory authority in the event of complaints about the data processing carried out by the controller. The responsible supervisory authority is: the Bavarian State Office for Data Protection Supervision (Bayerisches Landesamt für Datenschutz).
    • If the processing of personal data is based on your consent, you are entitled under Art. 7 GDPR to revoke your consent to the use of your personal data at any time with effect for the future, whereby the revocation is just as easy to declare as the consent itself. Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected.



    DCF20230220