Last updated: Nov 03, 2023
Didimo respects your privacy and is committed to protecting your personal data.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We are a technology company called Didimo, which, through our services, allows you to create a lifelike digital version of yourself to use as an interface with technologies of all sorts. Using our services means that you can experience a new level of ownership and responsibility of your online identity. For more information about our services, please visit: https://didimo.co/.
The Didimo Group is made up of different legal entities, which are as follows:
Because we collect, use and are responsible for certain personal information about you, we are regulated under the General Data Protection Regulation (often called the GDPR) which applies across the European Union (and the United Kingdom). We are responsible as a data controller of that personal information for the purposes of those laws when we are processing personal information about European data subjects (individuals) or when are offering our services to European data subjects. We will let you know which Didimo entity will be the controller of your personal information when you enter into an agreement with us to use our services.
Whilst the GDPR does not apply to non-European individuals, we are committed to privacy rights and have extended our data protection practices across our entire business.
Throughout our website we may link to other websites, APIs and mobile apps (“third-party platforms”) which are owned and operated by third parties. This may be to refer you to products and services offered by these third-party companies, or to refer you to our customers who have used our services. These other third-party platforms may also gather information about you in accordance with their own separate privacy policies. For privacy information relating to these other third-party websites, please consult their privacy policies as appropriate. We are not responsible for the content on such third-party platforms nor for their handling of your personal data.
We collect personal information about you when you access our website, register with us, contact us, send us feedback, use our services or purchase or subscribe to services via our website and complete customer surveys.
We collect this personal information from you either directly, such as when you register with us, contact us use our services or purchase or subscribe to services via our website or indirectly, such as when you are an authorised user of one of our customers or from your browsing activity while you are on our website and customer portal, or when you use our app, Didimo Showcase (see ‘Cookies’ below).
The information we collect about you depends on the particular activities carried out through our website and whether you use our services. This information includes:
We use this personal information to:
Our website and services are not intended for use by children under the age of 16, and we do not knowingly collect or use personal information relating to children.
Information we do not collect
We do not actively collect any sensitive data about you (also known as special categories of personal data), such as details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership or information about your health or genetic data, nor do we collect any information about criminal convictions and offences, however such matters may become apparent to us when you voluntarily share your Likeness Data with us or when you have shared this with a third party company using our services.
Indeed, we process your biometric data (which is limited to photograph and video footage of your face and likeness) and which will also include digital depth perception markers based on the facial photograph and video footage you supply to us, to allow us to create your likeness in a 3D digital and non-photographic format (which we call “Depth Markers”) which ultimately form the basis of your Didimo creation when the Didimo lifelike facial graphic is added to it) for two reasons.
Firstly, for the provision of our Didimo services when you have expressly and explicitly consentedto share this this information with us (or you have expressly consented that a third party provides that information to us) – for example when you sign up to, and/or use our services directly or via a third party (one of our customers). You can withdraw consent which you give for use of the Didimo services at any time.
Secondly, we also collect and process your biometric data (which is still limited to photograph and video footage of your face and likeness, the Depth Markers and the ultimate Didimo creation based on your Likeness Data) when you supply it to us (or when it is supplied to us from one of our customers, being a third party company using our services) for the purpose of scientific research. Scientific research means the technological development and demonstration, (including algorithm and AI development and machine learning) that we undertake to research improvements for, and to develop our technology. In this second case, we are able to process your personal data - strictly for this purpose - without your consent and for as long as we need to do so, in order to carry out development of our technology. In respect of the Depth Markers, these markers are essentially millions of small dots that are applied to the facial image or video footage that you supply to us, which when taken together, allow us to build a digital framework of your likeness which is then processed via our technology to create your virtual self. The data we use is very similar to the data that you might supply for FaceID when using your iPhone or other Apple device. For more information about the data collected via Depth Markers and how it works, please feel free to visit Apple Inc.’s website which sets out their TrueDepth technology. We do use Apple Inc.’s TrueDepth integration, so this is only an example since we also use other equivalents depending on the relevant operating systems and devices that you use.
When we use your personal information, we are required to have a legal basis for doing so. There are various different legal bases on which we may rely, depending on what personal information we process and why.
The legal bases we may rely on include:
For further details on when we collect personal information, what we collect as well as how we use it, please read the following table:
For further details on when and how we use personal information for marketing purposes, please see the section ‘Marketing’ below.
So that we are able to provide you with our services and access to this website, we routinely share your personal data with the following third parties:
For example, all of the companies in the Didimo Group and who are based in Portugal, the USA and Canada and who provide IT and system administration services, development of our technology services and website and who also carry out administration and management of our business.
Service providers acting as processors based inside and outside of the EEA who provide IT and system administration services, cloud hosting and storage services, HR services, product development, financial services, payment providers, operations and software development. In respect of the Depth Markers, we also use providers which supply us with the technology to enable us to create the 3D digital outline which serves as the basis for your Didimo creation, based on your Likeness. An example of such service providers is Apple Inc., with their TrueDepth camera system (more information is available here https://support.apple.com/en-us/HT208108 ), but please note that we also use similar depth services offered by other technology providers (such as the Android or Huawei equivalents).
Professional advisers including lawyers, bankers, auditors and insurers based inside and outside of the EEA who provide consultancy, banking, legal, insurance and accounting and tax services.
Regulators and other authorities based inside and outside of the EEA who require reporting of processing activities in certain circumstances – for example, in relation to tax returns and tax declarations.
A list of these third parties is available on request.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. For example, in respect of the Depth Markers, any data gleaned from this is only used to calculate your 3D image as part of your Didimo creation based on your Likeness Data. All this data is captured in your camera and then it is sent and stored on our secure server – it is never transferred outside of the Didimo server.
We will share personal information with law enforcement or other authorities if required by applicable law.
As you can see, some of the third-party recipients of your personal information are based outside the EEA. For further information including on how we safeguard your personal data when this occurs, see ‘Transfer of your information out of the EEA’.
We require you to provide certain information about you – for example, your likeness or proof of your identity, to enable us to safeguard your rights and provide our services and create your digital self. We will inform you at the point of collecting information from you whether you are required to provide the information to us.
We may transfer your personal information to the following which are located outside the EEA to allow us to run our business and to provide our services and this website to you, or indeed when you are based outside of the EEA. We also share your personal data within the Didimo Group which involves transferring your data from the EEA to the USA and Canada.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
We would like to send you information about our services, our business, competitions and special offers and our details about new features and our website, which may be of interest to you. Where we have your consent or it is in our legitimate interests to do so, we may do this by post, email, telephone, text message (SMS) or automated call.
We would also like to share your information with selected third parties from time to time so that they may send you information about their products or services, depending on what you agree with us.
We will only ask whether you would like us to send you marketing messages when you tick the relevant boxes when you sign up to our services, sign up to our newsletter or make contact with us via our website for the first time.
If you have previously agreed to being contacted in this way, you can unsubscribe at any time by:
It may take up to 30 days for this to take place.
For more information on your rights in relation to marketing, see ‘Your rights’ below.
Under the GDPR, European individuals have a number of important rights. In summary, these rights include the right to:
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please email or write to us using the details below.
No fee usually required
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
What we need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Timeframe for responding to you
We aim to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
We will only retain your personal information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
In some circumstances you can ask us to delete your information: see ‘Your rights’ above for further information.
In some circumstances we will anonymise your personal information (so that it can no longer be associated with you) for research or statistical purposes or in an aggregated format for machine learning, product improvement and development of our technology, in which case we may use this information indefinitely without further notice to you.
Furthermore, as set out in the section ‘Further information: The personal information we collect, when and how we use it’, we collect your Likeness Data for the purposes of carrying out scientific research into our product and services, for machine learning, product improvement and development of our technology, in which case we may use this information for as long as is necessary to allow us to carry out that scientific research, without further notice to you. Where possible, we will ensure that such data is anonymised. Where this is not possible, we will implement pseudonymisation (such as allocating code names or numerical identifiers), and we will only process the minimum amount of data that we need to achieve our scientific research purposes. In doing so, we will safeguard the data with technical and organisational measures (ensuring security and confidentiality of the data), including by ensuring that all data processed for this purpose is stored in a separate database, accessible on a need-to-know basis.
Please rest assured that when keeping your personal data for scientific research purposes, we will never process it to support measures or decisions relating to particular individuals and we always ensure the data is not processed in such a way that substantial damage or substantial distress is likely to be caused to any individual.
We hope that we can resolve any query or concern you raise about our use of your information.
The GDPR also gives EEA and UK users the right to lodge a complaint with a supervisory authority, in particular in the European Union (or EEA) state where they work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in Portugal (where our European representative is based) is the CNPD – Comissão Nacional de Protecção de Dados (the Portuguese Data Protection Authority). They can be contacted by:
Telephone: (+ 351) 21 392 84 00;
Fax: (+ 351) 21 397 68 32; or
You can also visit their website.
A cookie is a small text file which is placed onto your device (such as your computer, smartphone or other electronic device) when you use our website or Didimo Showcase.
Local storage is an industry standard technology that allows a web application or website to store information locally on your device.
For example, we may monitor how often you use Didimo Showcase and Customer Portal or visit the website, which pages and functions you visit, traffic data, location data and the originating domain name of your internet service provider. This information helps us to build a profile of our users and improve our website, Customer Portal, Didimo Showcase and our services generally. Some of this data will be aggregated or statistical, which means that we will not be able to identify you individually.
We will ask for your permission (Consent) to place cookies or other similar technologies on your device, except where they are essential for us to provide you with a service that you have requested (for example, when the cookies are required for session control, such as to enable you to subscribe and sign up to our services online, use your user account and/or purchase services from us via the website, the Customer Portal or Didimo Showcase).
The table below provides more information about the cookies we use and why:
This cookie collects information in an anonymous form and does not collect any personal information about you.
No, this cookie is not essential and is purely for analytics purposes, so we will therefore request your consent before placing this cookie.Didimo Showcase (Didimo Inc)DDUIThis is a session cookie that we place within Didimo Showcase and website, which ensures that you are recognised when you move from page to page within our website and around Didimo Showcase and allows us to ensure user authentication. This means that this cookie ensures that any information you have entered is remembered. This avoids you being treated like a new visitor each time you visit our website or navigate between the different pages or open Didimo Showcase. This cookie also allows you to log into your online account via our website or Didimo Showcase and to make purchases.
These cookies are only used during a particular browser session and expire each time you close your browser or Didimo Showcase and do not remain on your device afterwards.
Yes, this cookie is essential (we will therefore not request your consent before placing this cookie).Didimo website (Wordpress)DDMUI,
Any cookie generated by “Universal Analytics (Google)”
These cookies collect information about how visitors use our website, such as which pages you visit most often, and if you get error messages from any pages on our website. These cookies do not collect any information which allows you to be identified personally. The information collected through these cookies is aggregated and therefore anonymous and we only use them to improve the functionality of our website.
Please read Wordpress’ cookies policy which sets out their guidance on how their cookies function as well as the specific data they collect.
No, this cookie is not essential and is purely for performance analytics purposes, so we will therefore request your consent before placing this cookie.Customer PortalDDCookieConsentSig,
Social media sites: our website, Customer Portal and Didimo Showcase use trackers in order to allow you to share content on social media networks/platforms and also allows you to use your social media log-ins with Google and Facebook to log in to Didimo’s services.
If you do not want to accept any cookies, you may be able to change your browser or device settings so that cookies (including those which are essential to the services requested) are not accepted.
If you do this, please be aware that you may lose some of the functionality of our website or Didimo Showcase.
For further information about cookies and how to disable them please go to the guidance on cookies published by the UK Information Commissioner’s Office (ICO), www.aboutcookies.org or www.allaboutcookies.org.