Privacy Policy

About VirtualSignature ID Validate Limited​

VirtualSignature ID Validate Limited is a digital onboarding platform that is used by professional organisations to carryout various online processes including; electronic signature exchange, Identity verification and anti-fraud protection. We take privacy very seriously and always strive to protect your personal information as required under the Data Protection Act 2018 and General Data Protection Regulation (GDPR) Articles 14(1)(e)and 14(2)(f).

Please read this privacy notice very carefully.

People who use our services

VirtualSignature ID Validate Limited offers numerous services. We must hold the details of the people who have requested the service to provide it. However, we only use these details to provide the service the person has requested and for other closely related purposes. For example, we might use information about people who have requested a publication to carry out a survey to find out if they are happy with the level of service they received. When people do subscribe to our services, they can cancel their subscription at any time and are given an effortless way of doing this. We may use your data for the following purposes:

  • To enable us to process your orders with us
  • To carry out our obligations arising from any contracts entered into between you and us
  • To allow you to participate in interactive features of our service, when you choose to do so
  • To allow you to participate in our competitions and promotions, when you choose to do so
  • To notify you about changes to our service
  • To share with third party processors where necessary and as detailed in this privacy notice
Types of personal information collected by VirtualSignature–ID

Identity checks are carried out by us on behalf of our clients and as such we need to collect certain information to provide this service. For the purposes of the General Data Protection Regulation as incorporated into UK law by the Data Protection Act 2018 (GDPR), it is our clients who are the controllers of your information and we are processors.

Some or all of the following information may be processed by us depending on which service or check our client has instructed us to carry out:

  • Contact information
  • Name
  • Address
  • Email address
  • Sex
  • Date of birth
  • Nationality
  • Associated Third Party information eg. family members
  • Passport information
  • Driving license number
  • Identity card number
  • HR information
  • PEP and Sanctions information
  • Adverse media
  • Bank details
  • Company Director information
  • Company ownership details

Obtaining and processing your information

Our clients will pass your information to us once you have given them permission to do so for the purposes mutually agreed with them. You will receive a link so that you can submit your information to us and we use that information to carry out these checks.

We process this information for one or more of the following reasons:

  • Customer screening (Know Your Client “KYC” Checks)
  • Anti Money-Laundering (“AML”) Checks
  • Criminal record checks
  • Right to work checks
  • Right to rent checks
  • Address verification
  • Politically Exposed Person (PEP) & Sanction checks

We also receive personal information indirectly, from the following accredited third parties:

  • GB Group – Electoral register, National ID, criminal record data (via Cifas) and PEPs and Sanctions Data
  • Equifax – Electoral register, Credit Header Information (no personal credit information is obtained)
  • Halo – National Deceased Persons information
  • Microsoft Azure – OCR Document Scanning Application
  • Facetech Inc – 3D Biometric Liveness and Anti-spoofing check
  • Lexis Nexus – International PEPs, Sanctions and Adverse Media Information

VirtualSignature-ID will perform the required checks and a summary of the results will be returned to the client. No data will be retained by VirtualSignature-ID and it is for VirtualSignature’s client to make any decisions as to whether to progress your application with them.

VirtualSignature-ID cannot be held liable for the information received from these third party agencies or for any decision made by our client as a result of the data they have supplied.

For more information concerning what constitutes our legal obligation under GDPR rules, please refer to Article 6.1b “Contractual Obligation”

Collection and Storage of Face Data

As an ID Service Provider (IDSP) we may be required to collect your biometric face data for the purposes of matching such data to your identity document in order to verify your identity. We will only store biometric face data for the duration of the verification process, after which it will be deleted. However, it may be necessary for certain identification processing for the data to be retained for up to a maximum of 90 days. We will not hold this biometric face data beyond 90 days.

We do not usually need to share biometric face data with any third party. However, in the event that any such data is to be shared with a third party, it would only be for the purposes of continued processing of the data for identity verification purposes and it would be with your express consent. We would not share any data for any other purpose, such as analytics or marketing and we would always ensure that any third party provides the equivalent level of protection of that data, as stated in this Privacy Policy.

As stated in Section 16 of this document, you reserve the right to revoke consent and/or request deletion of any personal data, including biometric face data, where applicable.

How we use your information

Under GDPR rules, VirtualSignature ID Validate Limited is the data controller for the information you provide during the process unless otherwise stated. If you have any queries about the process or how we handle your information, you can do so by emailing us at

All the information you provide during the process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements where necessary.

We will not share any of the information you provide during the process with any third parties for marketing purposes or store any of your information outside of the European Economic Area. The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format. We will use the contact details you provide to us to contact you to progress your application.

We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary. You may be asked to digitally upload the following information via a secure portal for our ID verification and Biometric Face Recognition process to be completed:

  • A valid ID document (Passport / Drivers Licence or ID Card)
  • Proof of Address documentation
  • Bank information

As a data processor, we will not divulge any personal data or information about you to a third-party without your prior written consent and any information we hold will only be retained for the purposes of the validation process. Any information obtained will not be held by us for more than 90 days from the beginning of the process.

Visitors to our websites

When someone visits we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be open about this. We will make it clear when we collect personal information and will explain what we intend to do with it.

When you send a document through our electronic document exchange or connect to the world wide web, we keep a record of each transaction (including the IP address, date and time) to enable us to create a unique digital fingerprint and provide a complete audit trail and certificate.

We retain information about your use of our electronic document delivery, eSignature and personal identity service, which is used to manage our electronic document exchange, security and for accounting purposes. We may also use this information to help us enhance and improve our products and services to you.

We do not store credit card details, nor do we track your visits to any other websites or supply third party marketing agencies with your data.

Use of cookies by VirtualSignature ID Validate Limited

This site uses cookies. Cookies are small text files stored on your computer when you visit certain web pages. They are used to remember your preferences and in some cases your purchases from the website. We also use cookies that enable you to more easily share pages you like via social media sites like Facebook and Twitter. They are also used to collect anonymous data about your visit (like which areas of the site you visit and for how long) to help us improve your experience of our site and eliminate errors.

Cookies are not unsafe or in themselves a threat to your online privacy but recent legislation requires that website owners give as much information as possible about cookies used on a website and clear instructions how to refuse them, should you so choose. If you do choose not to allow cookies, please be aware that this site may not be fully functional.

This site may also use cookies from certain third parties to offer you our products and services outside of this site based on what you appear to be interested in during your visit. These are listed below. To opt out, please visit the Network Advertising Initiative website or read the section on Managing your Cookies below. For more detailed information about cookies, visit

Search engine and data storage

Our search queries and results are logged anonymously to help us improve our website and search functionality. No user-specific data is collected by either VirtualSignature ID Validate Limited or any third party.

The data that we collect from you is stored within the European Economic Area (“EEA”). It may also be processed by staff, operating outside the EEA who work for us or for one of our suppliers. Such staff maybe engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing.


We may from time to time use a third-party provider to deliver updates and e-newsletters. We gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve our e-newsletter.

Security and performance

VirtualSignature ID Validate Limited uses a third-party service to help maintain the security and performance of the VirtualSignature ID Validate Limited website. To deliver this service it processes the IP addresses of visitors to the VirtualSignature ID Validate Limited website.


We may use a third-party service to publish blogs and other news items and may collect anonymous information about users’ activity on the site, for example the number of users viewing pages on the site, to monitor and report on the effectiveness of the site and help us improve it. For more information about how processes data, please see our Privacy Policy.

People who contact us via social media

If you send us a private or direct message via social media the message will be stored by the third-party media company. Any such messages will not be divulged by us to any other media or sales organisations.

People who call us

When you call VirtualSignature ID Validate Limited we collect Calling Line Identification (CLI) information. We use this information to help improve its efficiency and effectiveness.

People who email us

We use industry standard encryption and protocol methods to protect email traffic. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.

We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.

People who make a complaint to us

When we receive a complaint from a person we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.

We will only use the personal information we collect to process the complaint and to check on the level of service we provide.

We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for two years from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.

Similarly, where enquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.

Lawful bases for processing your data

Under the Data Protection Act 2018 we have identified ‘Legitimate Interests’ and the performance of a Contract as our lawful bases for processing your data

Your rights

You have rights as an individual which you can exercise in relation to the information we hold about you such as your right to:

  • Make a data protection complaint
  • Be informed if your personal data is being used
  • Get copies of your data
  • Get your data corrected
  • Get your data deleted
  • Limited how organisations use your data
  • Data portability
  • Object to the use of your data
  • Get information on decisions being made about you without human involvement

You can read more about these rights here –

Access to personal information

VirtualSignature ID Validate Limited tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under the Data Protection Act 2018. If we do hold information about you we will:

  • give you a description of it;
  • tell you why we are holding it;
  • tell you who it could be disclosed to; and
  • let you have a copy of the information in an intelligible form.

To make a request about any personal information we may hold or if we do hold information about you that may be incorrect, you can may write to us addressing it to: The Data Controller, VirtualSignature ID Validate Limited, Level 40 Bank Street, Canary Wharf, London E14 5NR

Links to other websites

This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.

Changes to this privacy notice

We keep our privacy notice under regular review. This privacy notice was last updated in October 2022.

How to contact us

If you want to request information about our privacy policy, you can write to us at: Copyright VirtualSignature ID Validate Limited Limited, Level 40 Bank Street, Canary Wharf, London E14 5N