Data Retention Policy

Introduction

This document sets out the data retention policies of Verifi Identity Service Limited (“Verifi”) in respect of information received from a Reporting Entity (“Reporting Entity”), customers (“Customers”) of a Reporting Entity and from verification data providers (“Data Providers”) in order to electronically verify the identity of the customer.

Information received from Data Providers

Verifi will obtain information from Data Providers in accordance with Verifi’s agreement with the Data Providers. Verifi will use this data to verify the information provided by a Customer. Subsequent to the verification process, Verifi will not retain any data provided by the Data Provider unless authorised to do so by the Data Provider.

Information received from Customers

Verifi will collect information from Customers on behalf of Reporting Entities. Verifi may use this information to query Data Providers and verify the information against data provided by Data Providers. The comparison may be done by Verifi or the Data Provider.

Verifi will provide a copy of the information obtained from a Customer on behalf of a Reporting Entity to the Reporting Entity as part of the identity verification report.

Verifi will retain information collected from Customers for a period of 7 business days for auditing and error checking purposes. Following this 7-day period, Verifi will automatically and securely remove the data from its systems.

Information received from Reporting Entities

Verifi will collect Customer information from Reporting Entities. Verifi may use this information to query Data Providers and verify the information against data provided by Data Providers. The comparison may be done by Verifi or the Data Provider.

Verifi will retain information collected from the Reporting Entity for a period of 7 days for auditing and error checking purposes. Following this 7-day period, Verifi will automatically and securely remove the data from its systems.

Privacy policy

  1. Introduction

    The Privacy Act 1993 (Act) controls how “agencies” collect, use, disclose, store and give access to personal information. Personal information is information about identifiable, living people. The Act includes 12 Privacy Principles (PPs) regulating the collection, security, storage, use and disclosure of personal information. These principles represent the minimum standards of privacy protection policy that must be adopted.

  2. Applicability and Exemptions

    The provisions in the Act apply to ‘agencies’.

    Verifi Identity Services Limited (“Verifi”) is considered an agency for the purposes of the Act as it will collect personal information from customers whose identity is being verified by a reporting entity using Verifi’s services.

  3. Personal and Sensitive Information

    The Act protects personal information. This is information or an opinion about an individual whose identity is apparent or can reasonably be ascertained from the information. Personal information includes credit card details, information gathered on websites and mobile telephone numbers linked to user names and mailing lists.

  4. Privacy Principles

    There are 12 PPs set out in the Act. They set the baseline standards for privacy protection.

    Verifi currently intends to comply with the PPs. Verifi may in its absolute discretion adopt any other approved privacy policy in the future.

  5. The Twelve Privacy Principles

    The following is a brief outline of the PPs. Details about each PP is set out below.

    Principle 1, Principle 2, Principle 3 and Principle 4 govern the collection of personal information. This includes the reasons why personal information may be collected, where it may be collected from, and how it is collected.

    Principle 5 governs the way personal information is stored. It is designed to protect personal information from unauthorised use or disclosure.

    Principle 6 gives individuals the right to access information about themselves.

    Principle 7 gives individuals the right to correct information about themselves.

    Principle 8 and Principle 9, Principle 10 and Principle 11 place restrictions on how people and organisations can use or disclose personal information. These include ensuring information is accurate and up-to-date, and that it isn’t improperly disclosed.

    Principle 12 governs how “unique identifiers” – such as IRD numbers, bank client numbers, driver’s licence and passport numbers – can be used.

    1. Purpose of Collection

      Verifi as an agency must not collect personal information unless:

      1. the information is collected for a lawful purpose connected with a function or activity of the agency; and
      2. the collection of the information is necessary for that purpose.
    2. Source

      Verifi must collect the information directly from the individual concerned. There are a number of exemptions to this requirement, e.g. where the information is publicly available, or the individual concerned has authorised Verifi to collect the information from a third party.

    3. Notification

      Where Verifi collects personal information directly from the individual concerned, Verifi should take such steps as are, in the circumstances, reasonable to ensure that the individual concerned is aware of—

      1. the fact that the information is being collected; and
      2. the purpose for which the information is being collected; and
      3. the intended recipients of the information; and
      4. the name and address of:
        1. the agency that is collecting the information; and
        2. the agency that will hold the information; and
      5. if the collection of the information is authorised or required by or under law:
        1. the particular law by or under which the collection of the information is so authorised or required; and
        2. whether or not the supply of the information by that individual is voluntary or mandatory; and
      6. the consequences (if any) for that individual if all or any part of the requested information is not provided; and
      7. the rights of access to, and correction of, personal information provided by these principles.
    4. Manner of Collection

      Personal information shall not be collected by Verifi:

      1. by unlawful means; or
      2. by means that, in the circumstances of the case,—
        1. are unfair; or
        2. intrude to an unreasonable extent upon the personal affairs of the individual concerned
    5. Storage and Security

      Verifi must ensure—

      1. that the information is protected, by such security safeguards as it is reasonable in the circumstances to take, against:
        1. loss; and
        2. access, use, modification, or disclosure, except with the authority of the agency that holds the information; and
        3. other misuse; and
      2. that if it is necessary for the information to be given to a person in connection with the provision of a service to Verifi, everything reasonably within the power of Verifi is done to prevent unauthorised use or unauthorised disclosure of the information.
    6. Access

      Verifi must provide individuals with access to and a copy of their personal information on request. This includes information collected from third parties, information received unsolicited and subsequently kept in records held, and opinions recorded about an individual.

    7. Correction

      Verifi must also incorporate processes for the correction of information on the request of an individual or if there is some disagreement as to the correction, allow a statement to be associated with the information noting that the individual desires a correction.

    8. Accuracy

      Verifi may not use that information without taking such steps (if any) as are, in the circumstances, reasonable to ensure that, having regard to the purpose for which the information is proposed to be used, the information is accurate, up to date, complete, relevant, and not misleading.

    9. Time of Holding Information

      Verifi should not keep information for longer than is required for the purposes for which the information may lawfully be used.

    10. Limits on Use

      Where Verifi holds personal information that was obtained in connection with one purpose it shall not use the information for any other purpose except in the circumstances set out in the Act.

    11. Limits on Disclosure

      Where Verifi holds personal information it shall not disclose the information to a person or body or agency except in the circumstances set out in the Act.

    12. Unique Identifiers

      Verifi shall not assign a unique identifier to an individual unless the assignment of that identifier is necessary to carry out any one or more of its functions efficiently.

      Verifi shall not assign to an individual a unique identifier that, to that agency's knowledge, has been assigned to that individual by another agency, unless Verifi and the other agency are associated persons.

      Where Verifi assigns unique identifiers to individuals it shall take all reasonable steps to ensure that unique identifiers are assigned only to individuals whose identity is clearly established.

      Verifi shall not require an individual to disclose any unique identifier assigned to that individual unless the disclosure is for one of the purposes in connection with which that unique identifier was assigned or for a purpose that is directly related to one of those purposes.

  6. Appointment of Privacy Officer

    The Act requires every agency to have a privacy officer whose responsibilities include:

    1. the encouragement of compliance, by the agency, with the information privacy principles;
    2. dealing with requests made to the agency pursuant to this Act;
    3. working with the Commissioner in relation to investigations; and
    4. otherwise ensuring compliance by the agency with the provisions of this Act.

    The board of Verifi may at its absolute discretion appoint or employ any person to be the Privacy Officer of the company. The Privacy Officer would be the first point of contact in Verifi when privacy issues arise either internally or externally.

    Until determined otherwise by the board, the General Counsel of Verifi is appointed as the Privacy Officer.

  7. Policy review

    Verifi will review this policy annually and will update it, when required, between review dates to reflect legislative or regulatory changes.

    This policy is supported by further procedures and operational arrangements.

    The policy will be communicated to all new members of staff by during induction training sessions.

    A breach of this policy will be considered as professional misconduct and will be liable for disciplinary penalties. This could potentially include immediate dismissal and legal action.

  8. Appendix – Privacy Statement

    This Privacy Statement explains how the Verifi Identity Services Limited (“Verifi”) collects, maintains, uses and discloses your personal information. It also provides some detail about the rights that customers have in respect of their personal information.

    Personal Information

    You provide Verifi with your personal information when you ask for information about Verifi’s services, when you access and use this and other Verifi websites and/or when you use a Verifi service to verify your identity. When verifying your identity, Verifi may also collect information about you from publicly available sources such as company registers.

    If you give us personal information about another person, you represent that you are authorised to do so and agree to inform that person who we are, that we will use and disclose that information for the relevant purposes set out below and that they can access the information we hold about them.

    Verifi maintains records of all transactions made through the identity verification process, including the sources used to verify your identity and whether the verification was successful. In addition, information may be retained in accordance with our data retention policy.

    We collect information to identify and verify you. Your personal information will be treated strictly in accordance with the Privacy Principles in the Privacy Act 1993. In addition, Verifi’s current policies require us to discard your personal information within a specified timeframe following the identity verification transaction.

    In using our services you authorize us to pass on any personal information that you provide to us to the reporting entity who is using, or who has referred you to use, our identity verification service.

    Verifi Websites – Statistical Information and Cookies

    We collect statistical information about visitors to our websites such as the number of visitors, pages viewed, types of transactions conducted, time online and documents downloaded. This information is used to evaluate and improve the performance of our websites. Other than statistical information, we do not collect any information about you through our website unless you provide the information to us.

    You should also be aware that we use cookies on our websites. A cookie is a small amount of data, which often includes a unique identification number or value that is sent to your browser from a website's computer and stored on your computer's hard drive. Each website can send its own cookies to your browser if your browser allows it. However, to protect your privacy, your browser only allows a website to access the cookies it has sent to your computer.

    When cookies are used on our websites, they are used to collect the statistical information referred to above in addition to allowing you to access your account online. When you access your account on-line a cookie will be created which uniquely identifies your computer and your username and password. This means that you do not have to re-enter those details each time you want to access your account online.

    Most internet browsers are set up to accept cookies. If you do not wish to receive cookies, you may be able to change the settings of your browser to refuse all cookies or to have your computer notify you each time a cookie is sent to it, and thereby give yourself the choice whether to accept it or not. If you reject all cookies, you will be unable to access your account online. You can also delete cookies from your computer after they have been created.

    Use of the Information by Verifi

    The information requested in any identity verification transaction initiated by customers is required to enable us to provide a service to you and the reporting entity whom you are establishing a relationship with. That information, together with the information collected and maintained by Verifi during the identity verification process, is used to provide the services to you and to audit the success of any such services.

    Verifi may disclose your personal information to:
    • The reporting entity with whom you are establishing a relationship, applying for a financial product or other service with and other similar organisations, or those that are nominated by you; and
    • Government entities and other external data providers that hold information on you in order to verify that the information provided by you is consistent with the records held by such entities.

    Verifi takes all reasonable steps to protect your personal information from misuse, loss, unauthorised access, modification or disclosure.

    What are your rights?

    You need not give us any of the personal information requested by Verifi. However, without that information Verifi will not be able to verify your identity to provide you with any other services, information or assistance you have sought.

    Should you have any questions or complaint about your privacy, please contact us. If a complaint is not resolved by Verifi to your satisfaction, you may complain to the Privacy Commissioner.

    Access to Information by Customers

    Customers can gain access to any information Verifi holds about them by emailing . We will process your request usually within 14 days. If your request is complex, more time may be needed in which case we will advise you of the extra time required.

    There is no fee for requesting access to your information, although Verifi may charge you the reasonable cost of processing your request.

    In some circumstances the law may allow Verifi to deny you access. In such a case we will explain to you the reason for refusing access.

    Correction of Information

    We ask that you promptly notify us of any changes to the personal information that Verifi holds about you. This ensures that your personal information is up to date and enables us to keep you informed of the continuing circumstances of your account, your margin obligations and your trading activities.

    You may ask us at any time to correct personal information held by Verifi about you, and which you believe is inaccurate. Should we disagree with you as to the accuracy of the information, you may request that we attach a statement to that information noting that you consider it inaccurate or incomplete.

    Your Consent

    By accessing this website or by submitting an application to verifiy your identity, you consent to Verifi collecting, maintaining, using and disclosing personal information about you and provided by you or by another person as described above.

    Amendments to this Privacy Statement

    Verifi may make changes to this Privacy Statement from time to time for any reason. This Privacy Statement is dated 4 May 2016.