Edentiti Pty Ltd ABN 67 111 307 361 (Edentiti), is a private identity verification services provider and a gateway service provider for the Commonwealth Document Verification Service.
Edentiti is committed to complying with the Australian Privacy Principles. It understands the importance of protecting the privacy of individuals. This Privacy Policy, therefore, sets out:
This Privacy Policy is divided into 5 principal sections:
If you would like Edentiti to send you a MS Word or PDF copy of this Privacy Policy (at no charge), please use the contact details at the end of this Privacy Policy to request a copy. If you require a copy of this Privacy Policy in a different format, Edentiti will use its reasonable efforts to comply with your request. If Edentiti cannot supply a copy of the Privacy Policy in the format you have requested, Edentiti will contact you to discuss your requirements and attempt to identify and agree an alternative format in which the copy of the Privacy Policy can be provided to you.
Edentiti welcomes your comments on this Privacy Policy. If you would like to make a comment, you should contact Edentiti using the contact details set out in the Contact Details section of this Privacy Policy.
1. Visitors
A visitor is a person who visits Edentiti’s website or otherwise contacts Edentiti but to whom Edentiti does not provide any goods or services or who does not undertake a trial of any products or services provided by Edentiti (Visitor).
Edentiti does not attempt to identify a Visitor when the Visitor is accessing the website or otherwise contacting Edentiti except where the Visitor wishes to undertake a trial of any of Edentiti’s services (in which case, you should refer to section 2 of this Privacy Policy). Edentiti will not collect personal information about any Visitor unless the Visitor expressly provides this to Edentiti (for example, by sending an email or completing an online registration form or online inquiry form).
If a Visitor wishes to undertake a Trial, the Visitor cannot undertake the Trial unless the Visitor provides an email address.
Where possible, Edentiti’s systems will allow a Visitor to communicate with Edentiti on an anonymous basis or by using a pseudonym.
2. Trial Users
A trial user is a person who visits Edentiti’s website or otherwise contacts Edentiti and undertakes a trial of any products or services provided by Edentiti or visits the public demonstration pages of Edentiti’s website (Trial User).
A Trial User will only be able to undertake a trial of products or services provided by Edentiti if the Trial User provides an email address.
This section is divided into the following subsections:
2.1 Why Edentiti collects personal information
Edentiti collects personal information of Trial Users:
2.2 What personal information Edentiti collects
Edentiti collects only the Trial User’s email address. It is not possible to undertake a trial of any products or services provided by Edentiti or visits the public demonstration pages of Edentiti’s website unless a user provides the user’s email address. Therefore, it will not be possible for a Trial User to communicate with Edentiti on an anonymous basis or using a pseudonym.
2.3 How Edentiti collects personal information of Trial Users
Edentiti will collect information directly from each Trial User.
2.4 How Edentiti obtains consent from Trial Users
In most cases, either before or at the time of collecting the personal information, Edentiti will obtain the consent of the Trial User to the collection of the personal information.
2.5 How Edentiti uses personal information of Trial Users
Edentiti will use the personal information to monitor usage patterns, to determine whether the Trial User is a genuine user of the trial products and services and to communicate with the Trial User including for the purposes of marketing.
Edentiti will not disclose any personal information to any individual or entity without the express permission of the Trial User.
2.6 Disposal or destruction of personal information
Edentiti will delete all personal information on conclusion of trial arrangement except in those cases where Edentiti is required to maintain a record.
3. Individual Users
An Individual User is a person who visits Edentiti’s website or otherwise contacts Edentiti and to whom Edentiti provides products or services.
Edentiti’s identity verification service is a service which verifies the identity of an Individual User thereby allowing the Individual User to prove that the Individual User is who the individual say he or she is including to allow the Individual User to electronically present himself or herself to a trusted independent entity with whom the Individual User may already have a relationship.
This section is divided into the following subsections:
3.1 Why Edentiti collects personal information
Edentiti collects personal information of Individual Users:
To provide the Edentiti’s identity verification service, the information collected by Edentiti is compared against an information database.
Edentiti also collects personal information of Individual Users which is reasonably necessary to undertake a function or activity (for example, to manage and administer Edentiti and conduct its business).
3.2 What personal information Edentiti collects
Edentiti collects the following information about Individual Users:
Additional information may be required depending on the services which the individual user wishes to acquire from Edentiti and Edentiti will, notify the Individual User of the requirement to collect this additional information as specified in section 3.4 of this Privacy Policy.
Where possible, Edentiti’s systems will allow an Individual User who wishes to communicate with Edentiti on an anonymous basis or by using a pseudonym. However, it will not be possible for an Individual User to communicate with Edentiti on an anonymous basis or using a pseudonym if the Individual User requires assistance in relation to its account or the information which it has provided to Edentiti for the purposes of establishing or using its account.
3.3 How Edentiti collects personal information of Individual Users
Edentiti will collect information directly from each Individual User or from third parties whom the Individual User has authorised Edentiti to contact.
3.4 How Edentiti obtains consent from an Individual User
In most cases, either before or at the time of collecting the personal information, Edentiti will obtain the consent of the Individual User to the collection of the personal information. If Edentiti cannot obtain the consent of the Individual User before or at the time of collection, it will obtain consent as soon as practical after the collection.
3.5 How Edentiti uses personal information of an Individual User
The Edentiti service enables an Individual User to use the Individual User’s personal information for the Individual User’s own purposes. Edentiti uses the personal information of an Individual User as required to provide products and services to the Individual User. This may include disclosure of personal information to persons whom the Individual User has authorised Edentiti to contact or provide the personal information for the purposes of providing the verification service to the Individual User.
Edentiti will not disclose any personal information to any individual or entity without the express permission of the Individual User.
3.6 Access to personal information
Individual Users may access all the personal information they have provided to Edentiti or which Edentiti has collected and may update or delete it except in those cases where Edentiti or an organisation to which Edentiti has provided the personal information as part of Edentiti’s provision of the verification services is required to maintain a record. This includes retention of records for compliance with the Anti-Money laundering and Counter-Terrorism Financing Act 2006 or other laws or regulations.
3.7 Disposal or destruction of personal information
Edentiti will delete all personal information on conclusion of the Individual User’s arrangements with Edentiti except in those cases where Edentiti is required to maintain a record.
4. Organisation Representatives
An Organisation Representative is a person who is dealing with Edentiti in his or her capacity as the representative of an organisation who has appointed Edentiti as its agent for the purposes of the Commonwealth Attorney-General’s Department’s Document Verification Service and who is authorised to act on behalf of the organisation.
This section is divided into the following subsections:
4.1 Why Edentiti collects personal information
Edentiti collects personal information of an Organisation Representative to:
Edentiti also collects personal information of Organisation Representatives which is reasonably necessary to undertake a function or activity (for example, to manage and administer Edentiti and conduct its business).
4.2 What personal information Edentiti collects
Edentiti collects the following information about Organisation Representatives:
Where possible, Edentiti’s systems will allow an Organisation Representative to communicate with Edentiti on an anonymous basis or by using a pseudonym. However, it will not be possible for an Organisation Representative to communicate with Edentiti on an anonymous basis or using a pseudonym if the Organisation Representative requires assistance in relation to Edentiti’s arrangements with the organisation which the Organisation Representative represents or the Organisation Representative’s account.
4.3 How Edentiti collects personal information of Individual Users
Edentiti will collect information directly from each Organisation Representative.
4.4 How Edentiti obtains consent from an Organisation Representative
In most cases, either before or at the time of collecting the personal information, Edentiti will obtain the consent of the Organisation Representative to the collection of the personal information. If Edentiti cannot obtain the consent of the Organisation Representative, it will obtain consent as soon as practical after the collection.
4.5 How Edentiti uses personal information of an Organisation Representative
Edentiti does not anticipate disclosing the personal information of an Organisation Representative to enable Edentiti to provide products and services to the organisation which the Organisation Representative represents.
4.6 Access to personal information
Organisation Representative may access all the personal information they have provided to Edentiti or which Edentiti has collected and may update this information and update it or delete it except in those cases where Edentiti is required to maintain a record.
4.7 Disposal or destruction of personal information
Edentiti will delete all personal information on:
except in those cases where Edentiti is required to maintain a record.
5. Provisions Applicable to All Persons From Whom Edentiti Collects Personal Information
This section is divided into the following subsections:
5.1 Unsolicited personal information
There may be situations in which Edentiti receives personal information about a person even though Edentiti has not requested any personal information about an individual or has not requested the particular information which has been received about an individual (unsolicited personal information).
If Edentiti receives any unsolicited personal information, it will, within a reasonable period of receipt of the unsolicited personal information, review the unsolicited personal information to determine if it is reasonably necessary for its functions. If it is, Edentiti will handle the information in the same way as it handles the information we collect from a person. If Edentiti does not need the information, Edentiti will destroy the information or de-identify it.
5.2 Usage patterns
Edentiti’s web server collects information on the usage patterns of people visiting Edentiti’s website. The information is collected each time a user visits Edentiti’s website. Except in relation to a Trial User, it is not used to identify browsing activities of any individual user but is collected for statistical purposes. The information collected consists of:
This data will be used to research Edentiti’s website and product and to evaluate, develop and improve its usability.
5.3 Cookies
Edentiti’s website uses session based cookies to keep Individual Users and Organisation Representatives logged in during a session. No other cookies or trackers are used.
5.4 Disclosure of personal information by Edentiti
Edentiti will not disclose information that identifies an individual, or enables an individual to be identified except as:
5.5 Transfer of personal information outside Australia
In providing verification services to an Individual User, Edentiti will be required to transfer personal information of an Individual User outside Australia if the Individual User provides verification information from a country other than Australia. In this instance, personal information will be transferred by Edentiti to the country from which the verification information provided by the Individual User originates. Therefore, given the possible scope of Individual Users, it is possible that Edentiti may transfer personal information of an Individual User to a country which is a member country of the United Nations or a country having observer status at the United Nations.
By giving Edentiti your personal information, you consent to such transfer and disclosure. In addition, we believe that the recipients of such information are subject to a law, binding scheme or contract which effectively upholds principles for fair handling of the information that are substantially similar to the applicable Australian privacy laws.
5.6 Data security and storage
All personal information held by Edentiti is protected from unauthorised access through the use of secure passwords and user logons and other forms of biometric verification.
Edentiti stores all personal information that it collects securely in a manner that is sufficient to prevent misuse and loss, unauthorised access, modification or disclosure of personal information. Edentiti maintains a high level of data security by implementing:
5.7 Government related identifiers
Edentiti does not use or disclose any government identifier or identifier issued by another person.
5.8 Concerns about personal information
Users can contact Edentiti to address any concerns that they have about their personal information.
If you would like access to the personal information which Edentiti holds about you or a person whom you are authorised to represent, please contact Edentiti using the contact details set out in the Contact Details section of this Privacy Policy. Your request should specify the format in which you wish to be provided the personal information (for example, in person, by email, by telephone, hard copy or other electronic record). This application is free of charge. However, Edentiti may make a reasonable charge for providing access to you. If Edentiti wishes to charge you to access the personal information, Edentiti will notify you of this charge prior to giving you access to the personal information.
5.9 Response to request for access to personal information
If you make a request to access personal information, Edentiti will respond to your request within 30 days of the date of your request. If Edentiti cannot respond within this period, Edentiti will notify you of the delay, the reasons for the delay and the date by which Edentiti will provide a response.
5.10 Process for accessing personal information
If Edentiti agrees to give you access to your personal information, the following process will apply:
5.11 Refusing access to personal information
Edentiti is entitled to refuse a request for access in the circumstances specified in the Australian Privacy Principles. If Edentiti decides to refuse your request, Edentiti will notify you of its reasons (except where it is permitted to refuse to provide reasons). Edentiti will consult with you to identify an alternative means of giving you access to the personal information which may include reducing the scope of request or giving you access through an agreed intermediary.
If you disagree with Edentiti, you may make a complaint as described in the Complaints section of this Privacy Policy.
5.12 Quality of personal information and correction of personal information
Edentiti makes reasonable efforts to ensure that the information that it collects is accurate, up-to-date, complete and relevant both at the time of initial collection and during the period that Edentiti holds the personal information.
If you consider that any personal information that Edentiti holds about you is inaccurate, out-of-date, incomplete, irrelevant or misleading and you wish to have the information corrected, you should contact Edentiti using the contact details set out in the Contact Details section of this Privacy Policy. Edentiti will respond to your request within 30 days. This application is free of charge.
If Edentiti accepts the request, it will take such steps as are reasonable in the circumstances to correct the information to ensure that, having regard for the reasons for which the information is held, the information is inaccurate, out-of-date, incomplete, relevant and not misleading.
If Edentiti refuses the request:
5.13 Complaints
If you wish to make a complaint about:
please contact Edentiti using the contact details set out in the Contact Details section of this Privacy Policy. All complaints will be considered by Edentiti’s privacy officer who may contact you to obtain further details of your complaint and to better understand your complaint so that it resolved as quickly as possible.
Edentiti aims to resolve all disputes in a manner which is satisfactory to both you and Edentiti. There may be circumstances where you are not satisfied with the manner in which Edentiti has resolved your complaint. If you are not satisfied with the manner in which Edentiti deals with your complaint, you may complain to the Office of the Australian Information Commissioner (see http://www.oaic.gov.au/).
5.14 Changes to this Privacy Policy
Edentiti reserves the right to change this Privacy Policy as required to maintain compliance with the Australian Privacy Principles and other applicable laws, to comply with changes in technology or to facilitate changes in its business. Edentiti will, if possible, give prior notice of its intention to change this Privacy Policy. If Edentiti considers it necessary, it will consult with the Office of the Australian Information Commissioner or other appropriate government representatives and other representative groups before implementing any change to this Privacy Policy. However, there may be circumstances where Edentiti considers that prior notice or prior consultation is not required or where it is not possible for Edentiti to give prior notice of a change to this Privacy Policy or undertake consultation before changing this Privacy Policy.
When this Privacy Policy is updated, those updates will appear on this page. Edentiti will ensure that changes to this Privacy Policy are identified in each update. Edentiti will also ensure that prior versions of the Privacy Policy can be accessed.
5.15 Contact Details
If you have any questions or comments about this Privacy Policy, would like to request a copy, request access to personal information held about you or make a complaint, please contact:
The Privacy Officer
Edentiti Pty Ltd
PO Box 4863
Sydney NSW 2001
AUSTRALIA
e-mail: info@edentiti.com
© 2015 Edentiti Pty. Ltd. All rights reserved. ABN 67 111 307 361.