Privacy policy.

Introduction

BioVerify Limited, which trades as “BioVerify", (we, us, our) complies with the Privacy Act 2020 (NZ) (the Act) and the EU’s General Data Protection Regulation (GDPR) (together, “the relevant legislation”) when dealing with personal information. Personal information is information about a living, identifiable individual (a natural person).

This policy sets out when and how we will collect, use, disclose and protect your personal information.

This policy does not limit or exclude any of your rights under the relevant legislation. If you wish to seek further information on the Act, see www.privacy.org.nz.

Changes to this policy

We may change this policy by uploading a revised policy onto the website. The change will apply from the date that we upload the revised policy.

When do we collect your personal information?

We collect your personal information:

  • on documented instruction by an authorised organisation to verify your identity, 

  • when you begin interacting with our service to verify your identity, and

  • during the identity verification process, while you are interacting with our service.  

Our legal grounds for collecting your personal data is one or more of the following:

  • to perform a contract,

  • your consent,

  • our legal obligations, and/or

  • for the protection of your vital interests.

From whom do we collect your personal information?

We collect personal information about you from:

  • an authorised organisation requesting you to verify yourself through our service,

  • you, when you provide personal information to us, including via the BioVerify mobile app, our website, and any related service, through any registration or subscription process, or through any contact with us (e.g. telephone call or email),

  • credit reporting agencies where we perform an identity check or verification using credit information held by one or more credit reporting agencies,

  • other third parties, where you have authorised this or the information is publicly available.

If possible, we will collect personal information from you directly.  If you do not wish to provide any personal information to us, you may refuse the invitation to verify your identity, and not use our service. 

What personal information do we collect?

We may collect some or all of the following personal information:

  • personal details such as name, address, date and place of birth,

  • images and/or video recordings,

  • biometric data,

  • location data,

  • identity documentation information,

  • information relating to anti-money laundering, sanctions and adverse media assessments,

  • IP address, and

  • any other personal data you supply.

How do we use your personal information?

We will use your personal information:

  • to enable you to begin using our service, 

  • to establish evidence of your identity according to accepted standards, 

  • to report back to the organisation that instructed us to verify your identity (whose request to verify your identity you accepted),

  • to respond to communications from you, including a complaint,

  • to improve our services and products, including when we

    • investigate and resolve issues, 

    • conduct research and statistical analysis (on an anonymised basis),

  • to protect and/or enforce our legal rights and interests, including defending any claim

  • for any other purpose authorised by you or the relevant legislation.

We will not process your personal data in ways that are outside these uses, and the initial purposes for which we collected it.  For example, we will not use it to market to you. 

Who else may get your personal information?

We may disclose your personal information to:

  • the organisation that instructed us to verify your identity (whose request to verify your identity you accepted),

  • any party whose own independent information is used to verify your identity, 

  • any business or person that supports our service and that hosts or maintains any underlying IT system or data centre that we use to provide it,

  • a person who can require us to supply your personal information (e.g. a regulatory authority),

  • any other person authorised by the relevant legislation or another law (e.g. a law enforcement agency).

Your personal information may be held and processed outside New Zealand. We will not knowingly store or transmit your personal information outside the jurisdictions of New Zealand and/or Australia (unless to report back to the organisation that instructed us to verify your identity, if that organisation is outside New Zealand and/or Australia).

How do we protect your personal information?

We take reasonable technical and organisational measures to keep your personal information safe from loss, unauthorised activity, or other misuse, including but not limited to:

  • mechanisms to restrict access to our systems, as described in our Access Control Policy,

  • use of reputable supporting businesses that are also in compliance with the relevant legislation, 

  • use of encryption to prevent unauthorised access to your information when in transit and storage,

  • removal of your information from our systems in accordance with our Data Retention Policy.  

Our Access Control Policy, and Data Retention Policy, are each available on request.

How can you access and correct your personal information?

Subject to certain grounds for refusal set out in the relevant legislation, you have the right to 

  • access your readily retrievable personal information that we hold about you,

  • request a correction to your personal information that we hold about you,

  • request the removal of your personal data when our reason for processing it has expired, 

  • request that we  transfer your personal data, to you, or to a third-party you nominate, in a structured, commonly used, machine-readable format, and/or 

  • withdraw your consent for us to use your personal data. This will mean you cannot use our service.

Before you exercise this right, we will need evidence to confirm that you are the individual to whom the personal information relates.

In respect of a request for correction, if we think the correction is reasonable and we are reasonably able to change the personal information, we will make the correction. If we do not make the correction, we will take reasonable steps to note on the personal information that you requested the correction.

If you want to exercise either of the above rights, email us at privacy@bioverify.me Your email should provide evidence of who you are and set out the details of your request (e.g. the personal information, or the correction, that you are requesting). Please also identify the organisation that requested you to verify your identity using our service. 

We may charge you our reasonable costs of providing to you copies of your personal information or correcting that information.

Internet use

While we take reasonable steps to maintain secure internet connections, if you provide us with personal information over the internet, the provision of that information is at your own risk.

If you follow a link in our app or from our website to another site, the owner of that site will have its own privacy policy relating to your personal information. We suggest you review that site’s privacy policy before you provide personal information.

We may use third party services to support analytics, and crash reporting. These services may collect and store information about your device, and to detect issues with our service. Crash reporting may disclose information such as a userID, and the specific steps that led up to the crash.