Direct Consent Requirements

If you are utilizing the API or Custom UI SDK for data acquisition, Jumio requires you to incorporate specific language, collect consent on behalf of Jumio, and provide Jumio with a record of the consent. This page summarizes the requirements for collecting consent on Jumio’s behalf.

Consent Requirements
Why does consent need to be collected from the end user?

As a data controller, Jumio relies on consent to process personal information for Jumio Services.

What type of consent is required?

End users must provide direct consent to Jumio’s collection and sharing of personal information, including biometric data.

What do I need to do?

Display the required consent language with a control for explicit, affirmative action — such as a check box or radio button that the end user must toggle before they can proceed.

The required language is as follows and must include the link to Jumio’s privacy notice:

“​​I consent to Jumio collecting, processing, and sharing my personal information, which may include biometric data, pursuant to its Privacy Notice.”

Will a transaction be rejected if the consent parameters are not populated?

An end user should not be allowed to proceed with verification without providing consent. If a transaction is sent to Jumio without the required consent parameters, the transaction will be rejected.

Will Jumio review the implementation prior to deployment?

Yes, Jumio will ask you to submit a screenshot of the user journey to ensure the applicable language and check box (or other control) is included.

Will the consent language need to be presented before every transaction an end user initiates per customer?

Jumio requires direct consent from users each time they go through the journey in ID Verification or Identity Verification.

If you use Jumio Authentication, we require users to give direct consent the first time they authenticate. This consent is good for three years, after which you will need to request new consent from them.

 

API Requirements
What type of consent parameters are required for the API?

If you are utilizing the Jumio API for data acquisition:

  1. Incorporate the required consent language (including a link to Jumio’s Privacy Notice) and checkbox or similar active control into the user consent flow.

  2. Populate the IP Address and end user's current location for each transaction.

  3. Populate the API consent parameters (i.e., consent, timestamp, IP address) for each transaction that confirms that consent has been granted to Jumio.

Where can I find the technical implementation documentation?

See End-User Consent to Collect Personal Data.

For older Netverify versions of the API (v2) see: Netverify ID Verification Web Implementation Guide.

For older KYX versions of the API (v3) see: Implementation Guide KYX (v3).

 

Custom UI Requirements
What type of consent parameters are required for the Custom UI SDK?

If you are utilizing the Jumio Custom UI SDK for data acquisition:

  1. Incorporate the required consent language (including the link to Jumio’s Privacy Notice) and checkbox or similar active control into the user consent flow.

  2. Initiate the Custom UI SDK as described in the technical documentation to receive applicable consent requirements for the transaction.

  3. Return a response containing the consent text, privacy notice URL, consent type and consent status, as defined within the technical specifications, for each transaction to confirm that consent has been granted to Jumio.

Does it apply to all versions of Custom UI SDK ?

This is applicable for SDK versions 4.5 and above. If you are using an SDK version earlier than 4.5, it will require an update to the latest version.

Where can I find the technical implementation documentation?

See the Integration Guide for your integration: