Data retention policy.

Introduction

BioVerify Limited, which trades as “BioVerify", (we, us, our) complies with the Privacy Act 2020 (NZ) (the Act) and the EU’s General Data Protection Regulation (GDPR) (together, “the relevant legislation”) when dealing with personal information. Personal information is information about a living, identifiable individual (a natural person).

This policy sets out how we retain and remove personal information.

This policy does not limit or exclude any of your rights under the relevant legislation. If you wish to seek further information on the Act, see www.privacy.org.nz.

Changes to this policy

We may change this policy by uploading a revised policy onto the website. The change will apply from the date that we upload the revised policy.

The policy

Redaction after a default period

In accordance with both the NZ Privacy Act 2020, and GDPR privacy principles, by default BioVerify redacts all personal data within its own transaction records 90 days after the record was last altered. 

BioVerify chose a default 90 day retention period to allow reasonable time for any inquiry to be raised and managed through to completion. Upon request, a client may select its own data retention period. 

What redaction means

Redaction means, specifically, that records created and stored either directly by BioVerify, or directly on BioVerify's behalf, have personally identifiable information replaced or removed, leaving only non-personal transaction identifiers, decisioning records, and data sufficient for statistical analysis.  

Records of third parties

Records that are created by third party suppliers as an audit of data matching requests (for example, requests to the issuer of an identity document, or a credit reporting agency) will not be redacted, as required or permitted by law, and as covered in BioVerify's Terms of Use.