Last Updated: Nov 16, 2023
Purpose and Scope of the Policy
Fastkey operates in compliance with the laws and regulations of the United States and Canada, including the Fair Credit Reporting Act (FCRA). This policy has been structured to meet the legal requirements of these jurisdictions. We are committed to upholding the highest legal and ethical standards and will continually adapt our practices and this policy to meet any changes in these laws.
Types of Information Collected
Fastkey collects various types of information to deliver our services effectively. This includes but is not limited to:
- Personally Identifiable Information (PII) such as name, date of birth, Social Insurance Number or equivalent, and contact information.
- Financial Information, including but not limited to credit reports, income, and employment history.
- Criminal Background Information.
- Rental History.
- Ambiguous or Anonymized Information that cannot directly identify you but may be useful for analytical or statistical purposes.
Biometric Data Processing for Identity Verification
Fastkey employs biometric technology for enhanced identity verification, utilizing either Stripe's Identity API or Certn's API based on specific service requirements. This process includes the use of facial recognition technology to ensure accurate and secure identity verification.
Collection and Use of Biometric Data: The purpose of collecting biometric data, specifically through facial recognition scans, is to verify your identity accurately. This involves using a real-time photo of your face to create a digital facial map, which is then compared against your identity document.
Importantly, Fastkey does not store any biometric data, including the digital facial map, on our systems. ALL BIOMETRIC DATA PROCESSING IS CONDUCTED THROUGH STRIPE'S OR CERTN'S SECURE PLATFORMS AND IS SUBJECT TO THEIR RESPECTIVE DATA HANDLING AND PRIVACY PROTOCOLS.
User Rights and Inquiries: You have the right to request information about our biometric data processing practices. This includes rights to access, correct, delete, or obtain a copy of the data processed through Stripe's or Certn's systems. For such requests or any inquiries related to biometric data processing, please contact Fastkey's Privacy Officer at firstname.lastname@example.org.
Consent and Withdrawal: Your consent for biometric data processing is crucial for us to provide certain services. Should you choose to withdraw your consent, it may impact our ability to process your application or deliver specific services.
Method of Data Collection
We collect information through various methods:
- Directly from the user: Information such as name, contact details, and financial data is collected when you sign up for our services or fill out forms on our website.
- From third-party sources: We may obtain information like credit reports and criminal background checks from third-party agencies, subject to your consent and applicable laws.
- Automated technologies: Information regarding your usage of our services, like IP addresses and browsing activity, may be automatically collected through cookies and similar tracking technologies.
Fastkey uses automated decision-making algorithms to evaluate various factors such as creditworthiness and risk profiles. This is to facilitate quicker and more accurate service delivery. We adhere to legal standards and ensure transparency in our automated decision-making processes.
Purpose of Data Collection
Fastkey collects personal and non-personal data for the purpose of providing a comprehensive suite of evaluation services. These services include, but are not limited to, credit assessments, asset verifications, income verifications, tax document verifications, and criminal background checks. The data is used to serve a variety of requesters, such as landlords, property managers, mortgage brokers, and employers, for applications related to rental agreements, mortgage approvals, credit underwriting, and employment. The data may also be used for internal analytics to improve our services and offer personalized recommendations.
For services that require sensitive information, such as credit checks, a double opt-in process is employed to ensure informed consent:
Initial Consent: Upon sign-up and sign-in, applicants will be asked to share sensitive information (e.g., Social Insurance Number in Canada, Social Security Number in the U.S.) if a requester asks for a credit check. The applicant's credit information will be fetched via our Equifax API integration.
Report Review and Final Consent: After the credit report is compiled, it is first shared with the applicant for review. Only upon the applicant's second explicit consent will the report be shared with the requester.
This double opt-in mechanism reinforces Fastkey's role as an intermediary and ensures that applicants fully understand and agree to the sharing of their sensitive information. Consent is obtained through clear and straightforward opt-in mechanisms during the service setup and report request processes. Users have the right to withdraw their consent at any time, although this may impact the availability and functionality of certain services.
Data Storage and Security
Fastkey is dedicated to maintaining the privacy and security of personal and non-personal information while also ensuring compliance with legal and regulatory requirements. To this end, we adopt the following data retention practices:
Applicant Reports: Reports generated for applicants, which include sensitive and comprehensive personal information, are maintained for a period of 90 days post creation to allow sufficient time for review and decision-making by the requesting parties. After 90 days, these reports will be permanently deleted from our systems.
Basic Applicant Information: Essential information required for the creation of a user account, such as email addresses, phone numbers, and other basic sign-up details, will be retained to maintain the account and for our users to utilize our services effectively.
Compliance and Audit Records: Notwithstanding the above, a record of the existence of the reports, excluding the detailed personal information contained within them, may be retained for a longer period as required for compliance with legal obligations, to resolve disputes, and to enforce our agreements.
Legal Requirements: In certain jurisdictions, we may be compelled to retain additional information for extended periods in accordance with local laws and regulations. In such cases, the retention will be in compliance with the legal requirements.
Data Security Measures
We employ stringent security protocols to protect your data. This includes the use of encryption technologies such as the Secure Sockets Layer (SSL) for data in transit and advanced encryption algorithms for data at rest. Our servers are secured behind firewalls and access is restricted to authorized personnel only. We also perform regular security audits to ensure the ongoing integrity and confidentiality of your information.
Data Sharing and Third Parties
Fastkey is committed to complying with the Fair Credit Reporting Act (FCRA).
When we act as an intermediary for the collection and dissemination of consumer credit information, we adhere to the FCRA's guidelines and requirements, including but not limited to:
- User Authorization: Before acquiring a consumer credit report, Fastkey ensures that the applicant has provided explicit written consent to share their credit information with the requester.
- Dispute Resolution: In the event that any information in the consumer credit report is inaccurate or incomplete, Fastkey provides a mechanism for the applicant to dispute the information and seek corrections, in accordance with FCRA guidelines.
- Data Integrity: Fastkey works closely with third-party service providers like Equifax to ensure that the consumer credit information is accurate, complete, and up-to-date.
- Limited Use: Fastkey ensures that consumer credit information is used solely for permissible purposes as defined by the FCRA, including tenant and employment screening, and asset verification by mortgage brokers.
By using Fastkey services that involve consumer credit reporting, you acknowledge and consent to these practices, and you are advised to familiarize yourself with your rights under the FCRA and corresponding Canadian legislation.
Access and Correction
Fastkey respects the rights of individuals to access and control their personal data. Applicants have the right to access their reports and correct any inaccuracies. Likewise, requesters can only access data for which they have received explicit consent from the applicant. Both parties may access their Fastkey account settings to modify or delete their data, in accordance with legal obligations and retention policies.
Users have the option to opt out of receiving marketing communications from Fastkey. To exercise this option, users may follow the opt-out link in our emails or contact Fastkey's customer support directly. Opting out of marketing communications will not affect the delivery of service-related notifications and transactional messages from Fastkey.
Accountability and Governance
Audits and Compliance Checks
Fastkey is committed to regular audits and compliance checks to ensure the effectiveness of our data protection measures. We cooperate with relevant regulatory bodies and are prepared to demonstrate our compliance with data protection laws upon request.
Cookies and Tracking
We welcome your feedback and will respond to your queries in a timely manner.
Data Processing Addendum (DPA)
- "Fastkey" represents our company and service platform.
- "Personal Data" is information identifying individuals processed by Fastkey under your directive.
- "Processing" encompasses operations like collecting, recording, organizing, structuring, storing, and deleting Personal Data.
- Other terms like "Data Controller", "Data Processor", and "Data Subject" have their standard definitions per data protection legislation.
2. Roles & Responsibilities
When you use our services, you act as the "Data Controller", deciding the purpose and method of data processing. Fastkey, as the "Data Processor", processes data based on your instructions and for the explicit reasons agreed upon in our service provisions.
3. Processing & Limitations
4. Data Retention & Erasure
As detailed in the "Data Storage and Security" section, we retain and erase Personal Data based on the service agreement, user requests, and legal obligations.
5. Security Protocols
Fastkey's commitment to data security is discussed in the "Data Security Measures" section of this policy. We employ industry-standard methods to protect your data.
6. Responding to Data Subject Requests
Fastkey respects user rights, as mentioned in the "User Rights" section. If a data subject inquires about their data, Fastkey will act promptly, ensuring transparency and cooperation.
7. Use of Subprocessors
In our role as a data processor, Fastkey may employ subprocessors. We ensure these subprocessors uphold Fastkey's data protection standards. Users will be notified of any significant changes to our subprocessor list.
8. International Transfers
If data transfers are made outside the jurisdictions mentioned in this policy, Fastkey commits to using recognized legal frameworks ensuring data protection.
9. Compliance & Modifications
Fastkey's adherence to data protection laws is a cornerstone of our operations. We may modify this DPA based on evolving legal and operational needs, always notifying users and maintaining transparency.